From a1d8dd71056059e1dfd35134fe757e784d1d8418 Mon Sep 17 00:00:00 2001 From: Ian Mckay Date: Sun, 18 Jul 2021 20:55:42 +1000 Subject: [PATCH] Update IAM map --- iamlivecore/iam_definition.json | 1443 ++++++++++++++++++-------- iamlivecore/map.json | 1700 +++++++++++++++++++++++++++++-- 2 files changed, 2609 insertions(+), 534 deletions(-) diff --git a/iamlivecore/iam_definition.json b/iamlivecore/iam_definition.json index 79d4ffc..e70b8e4 100644 --- a/iamlivecore/iam_definition.json +++ b/iamlivecore/iam_definition.json @@ -31,7 +31,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a skill with the organization under the customer's AWS account", + "description": "Grants permission to associate a skill with the organization under the customer's AWSaccount", "privilege": "ApproveSkill", "resource_types": [ { @@ -171,7 +171,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add a new conference provider under the user's AWS account", + "description": "Grants permission to add a new conference provider under the user's AWSaccount", "privilege": "CreateConferenceProvider", "resource_types": [ { @@ -685,7 +685,7 @@ }, { "access_level": "List", - "description": "Grants permission to list conference providers under a specific AWS account", + "description": "Grants permission to list conference providers under a specific AWSaccount", "privilege": "ListConferenceProviders", "resource_types": [ { @@ -887,7 +887,7 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate a skill from the organization under a user's AWS account", + "description": "Grants permission to disassociate a skill from the organization under a user's AWSaccount", "privilege": "RejectSkill", "resource_types": [ { @@ -2368,7 +2368,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get the AWS account contact information", + "description": "Grants permission to get the AWSaccount contact information", "privilege": "GetAccountContact", "resource_types": [ { @@ -9010,7 +9010,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of AWS App Runner automatic scaling configurations in your AWS account", + "description": "Grants permission to retrieve a list of AWS App Runner automatic scaling configurations in your AWSaccount", "privilege": "ListAutoScalingConfigurations", "resource_types": [ { @@ -9022,7 +9022,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of AWS App Runner connections associated with your AWS account", + "description": "Grants permission to retrieve a list of AWS App Runner connections associated with your AWSaccount", "privilege": "ListConnections", "resource_types": [ { @@ -9046,7 +9046,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of running AWS App Runner services in your AWS account", + "description": "Grants permission to retrieve a list of running AWS App Runner services in your AWSaccount", "privilege": "ListServices", "resource_types": [ { @@ -9318,7 +9318,7 @@ }, { "access_level": "Write", - "description": "Grants permission to copy the specified image within the same Region or to a new Region within the same AWS account", + "description": "Grants permission to copy the specified image within the same Region or to a new Region within the same AWSaccount", "privilege": "CopyImage", "resource_types": [ { @@ -9665,7 +9665,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a list that describes the permissions for shared AWS account IDs on a private image that you own", + "description": "Grants permission to retrieve a list that describes the permissions for shared AWSaccount IDs on a private image that you own", "privilege": "DescribeImagePermissions", "resource_types": [ { @@ -11241,7 +11241,7 @@ }, { "access_level": "List", - "description": "Grants permissions to return a list of datacatalogs for the specified AWS account", + "description": "Grants permissions to return a list of datacatalogs for the specified AWSaccount", "privilege": "ListDataCatalogs", "resource_types": [ { @@ -11265,7 +11265,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to return a list of athena engine versions for the specified AWS account", + "description": "Grants permissions to return a list of athena engine versions for the specified AWSaccount", "privilege": "ListEngineVersions", "resource_types": [ { @@ -11277,7 +11277,7 @@ }, { "access_level": "List", - "description": "Grants permissions to return a list of named queries in Amazon Athena for the specified AWS account", + "description": "Grants permissions to return a list of named queries in Amazon Athena for the specified AWSaccount", "privilege": "ListNamedQueries", "resource_types": [ { @@ -11301,7 +11301,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to return a list of query executions for the specified AWS account", + "description": "Grants permissions to return a list of query executions for the specified AWSaccount", "privilege": "ListQueryExecutions", "resource_types": [ { @@ -11342,7 +11342,7 @@ }, { "access_level": "List", - "description": "Grants permissions to return a list of workgroups for the specified AWS account", + "description": "Grants permissions to return a list of workgroups for the specified AWSaccount", "privilege": "ListWorkGroups", "resource_types": [ { @@ -12618,7 +12618,7 @@ }, { "access_level": "List", - "description": "Grants permission to describe the current Auto Scaling resource limits for your AWS account", + "description": "Grants permission to describe the current Auto Scaling resource limits for your AWSaccount", "privilege": "DescribeAccountLimits", "resource_types": [ { @@ -13348,7 +13348,7 @@ }, { "access_level": "Write", - "description": "Grants permission to to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second", + "description": "Grants permission to to verify that the customer running your paid software is subscribed to your product on AWSMarketplace, enabling you to guard against unauthorized use. Meters software use per ECS task, per hour, with usage prorated to the second", "privilege": "RegisterUsage", "resource_types": [ { @@ -13372,7 +13372,7 @@ } ], "resources": [], - "service_name": "AWS Marketplace Metering Service" + "service_name": "AWSMarketplace Metering Service" }, { "conditions": [], @@ -13416,7 +13416,7 @@ } ], "resources": [], - "service_name": "AWS Marketplace Image Building Service" + "service_name": "AWSMarketplace Image Building Service" }, { "conditions": [ @@ -13563,7 +13563,7 @@ "resource": "ChangeSet" } ], - "service_name": "AWS Marketplace Catalog" + "service_name": "AWSMarketplace Catalog" }, { "conditions": [], @@ -13583,7 +13583,7 @@ } ], "resources": [], - "service_name": "AWS Marketplace Entitlement Service" + "service_name": "AWSMarketplace Entitlement Service" }, { "conditions": [], @@ -13615,7 +13615,7 @@ } ], "resources": [], - "service_name": "AWS Marketplace Procurement Systems Integration" + "service_name": "AWSMarketplace Procurement Systems Integration" }, { "conditions": [ @@ -13754,7 +13754,7 @@ }, { "access_level": "Write", - "description": "Allows users to subscribe to AWS Marketplace products. Includes the ability to send a subscription request for products that require subscription verification. Includes the ability to enable auto-renewal for an existing subscription.", + "description": "Allows users to subscribe to AWSMarketplace products. Includes the ability to send a subscription request for products that require subscription verification. Includes the ability to enable auto-renewal for an existing subscription.", "privilege": "Subscribe", "resource_types": [ { @@ -13766,7 +13766,7 @@ }, { "access_level": "Write", - "description": "Allows users to remove subscriptions to AWS Marketplace products. Includes the ability to disable auto-renewal for an existing subscription.", + "description": "Allows users to remove subscriptions to AWSMarketplace products. Includes the ability to disable auto-renewal for an existing subscription.", "privilege": "Unsubscribe", "resource_types": [ { @@ -13802,7 +13802,7 @@ } ], "resources": [], - "service_name": "AWS Marketplace" + "service_name": "AWSMarketplace" }, { "conditions": [], @@ -13902,7 +13902,7 @@ "privileges": [ { "access_level": "Write", - "description": "Allows access to the File Upload page inside the AWS Marketplace Management Portal.", + "description": "Allows access to the File Upload page inside the AWSMarketplace Management Portal.", "privilege": "uploadFiles", "resource_types": [ { @@ -13914,7 +13914,7 @@ }, { "access_level": "List", - "description": "Allows access to the Marketing page inside the AWS Marketplace Management Portal.", + "description": "Allows access to the Marketing page inside the AWSMarketplace Management Portal.", "privilege": "viewMarketing", "resource_types": [ { @@ -13926,7 +13926,7 @@ }, { "access_level": "List", - "description": "Allows access to the Reports page inside the AWS Marketplace Management Portal.", + "description": "Allows access to the Reports page inside the AWSMarketplace Management Portal.", "privilege": "viewReports", "resource_types": [ { @@ -13938,7 +13938,7 @@ }, { "access_level": "List", - "description": "Allows access to the Settings page inside the AWS Marketplace Management Portal.", + "description": "Allows access to the Settings page inside the AWSMarketplace Management Portal.", "privilege": "viewSettings", "resource_types": [ { @@ -13950,7 +13950,7 @@ }, { "access_level": "List", - "description": "Allows access to the Customer Support Eligibility page inside the AWS Marketplace Management Portal.", + "description": "Allows access to the Customer Support Eligibility page inside the AWSMarketplace Management Portal.", "privilege": "viewSupport", "resource_types": [ { @@ -13962,7 +13962,7 @@ } ], "resources": [], - "service_name": "AWS Marketplace Management Portal" + "service_name": "AWSMarketplace Management Portal" }, { "conditions": [], @@ -15623,7 +15623,7 @@ "conditions": [ { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access based on the tags associated with the resource", "type": "String" } ], @@ -15666,7 +15666,7 @@ ] }, { - "access_level": "Write", + "access_level": "Read", "description": "Grants permission to view the status of a BugBust player's attempt to join a BugBust event", "privilege": "GetJoinEventStatus", "resource_types": [ @@ -15705,7 +15705,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "codereview" + "resource_type": "codereview*" } ] }, @@ -15758,7 +15758,7 @@ ] }, { - "access_level": "Write", + "access_level": "Read", "description": "Grants permission to view the pull requests used by players to submit fixes to their claimed bugs in an event", "privilege": "ListPullRequests", "resource_types": [ @@ -15790,12 +15790,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup" + "resource_type": "ProfilingGroup*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "codereview" + "resource_type": "codereview*" } ] }, @@ -15826,7 +15826,7 @@ ], "resources": [ { - "arn": "arn:${Partition}:codeguru-reviewer::${Account}:.+:.+", + "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -16601,7 +16601,7 @@ }, { "access_level": "Read", - "description": "Lists all AWS Chatbot Slack Channel Configurations in an AWS account.", + "description": "Lists all AWS Chatbot Slack Channel Configurations in an AWSaccount.", "privilege": "DescribeSlackChannelConfigurations", "resource_types": [ { @@ -16950,7 +16950,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Chime account under the administrator's AWS account", + "description": "Grants permission to create an Amazon Chime account under the administrator's AWSaccount", "privilege": "CreateAccount", "resource_types": [ { @@ -16974,7 +16974,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an app instance under the AWS account", + "description": "Grants permission to create an app instance under the AWSaccount", "privilege": "CreateAppInstance", "resource_types": [ { @@ -17072,7 +17072,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a channel for an app instance under the AWS account", + "description": "Grants permission to create a channel for an app instance under the AWSaccount", "privilege": "CreateChannel", "resource_types": [ { @@ -17245,7 +17245,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Chime SIP media application under the administrator's AWS account", + "description": "Grants permission to create an Amazon Chime SIP media application under the administrator's AWSaccount", "privilege": "CreateSipMediaApplication", "resource_types": [ { @@ -17257,7 +17257,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create outbound call for Amazon Chime SIP media application under the administrator's AWS account", + "description": "Grants permission to create outbound call for Amazon Chime SIP media application under the administrator's AWSaccount", "privilege": "CreateSipMediaApplicationCall", "resource_types": [ { @@ -17269,7 +17269,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Chime SIP rule under the administrator's AWS account", + "description": "Grants permission to create an Amazon Chime SIP rule under the administrator's AWSaccount", "privilege": "CreateSipRule", "resource_types": [ { @@ -17293,7 +17293,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Amazon Chime Voice Connector under the administrator's AWS account", + "description": "Grants permission to create a Amazon Chime Voice Connector under the administrator's AWSaccount", "privilege": "CreateVoiceConnector", "resource_types": [ { @@ -17305,7 +17305,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Amazon Chime Voice Connector Group under the administrator's AWS account", + "description": "Grants permission to create a Amazon Chime Voice Connector Group under the administrator's AWSaccount", "privilege": "CreateVoiceConnectorGroup", "resource_types": [ { @@ -17517,7 +17517,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete delegated AWS account management from your Amazon Chime account", + "description": "Grants permission to delete delegated AWSaccount management from your Amazon Chime account", "privilege": "DeleteDelegate", "resource_types": [ { @@ -17637,7 +17637,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Chime SIP media application under the administrator's AWS account", + "description": "Grants permission to delete Amazon Chime SIP media application under the administrator's AWSaccount", "privilege": "DeleteSipMediaApplication", "resource_types": [ { @@ -17649,7 +17649,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Chime SIP rule under the administrator's AWS account", + "description": "Grants permission to delete Amazon Chime SIP rule under the administrator's AWSaccount", "privilege": "DeleteSipRule", "resource_types": [ { @@ -18115,7 +18115,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get global settings related to Amazon Chime for the AWS account", + "description": "Grants permission to get global settings related to Amazon Chime for the AWSaccount", "privilege": "GetGlobalSettings", "resource_types": [ { @@ -18199,7 +18199,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get phone number settings related to Amazon Chime for the AWS account", + "description": "Grants permission to get phone number settings related to Amazon Chime for the AWSaccount", "privilege": "GetPhoneNumberSettings", "resource_types": [ { @@ -18247,7 +18247,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details of Amazon Chime SIP media application under the administrator's AWS account", + "description": "Grants permission to get details of Amazon Chime SIP media application under the administrator's AWSaccount", "privilege": "GetSipMediaApplication", "resource_types": [ { @@ -18259,7 +18259,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "description": "Grants permission to get logging configuration settings for Amazon Chime SIP media application under the administrator's AWSaccount", "privilege": "GetSipMediaApplicationLoggingConfiguration", "resource_types": [ { @@ -18271,7 +18271,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details of Amazon Chime SIP rule under the administrator's AWS account", + "description": "Grants permission to get details of Amazon Chime SIP rule under the administrator's AWSaccount", "privilege": "GetSipRule", "resource_types": [ { @@ -18283,7 +18283,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get telephony limits for the AWS account", + "description": "Grants permission to get telephony limits for the AWSaccount", "privilege": "GetTelephonyLimits", "resource_types": [ { @@ -18451,7 +18451,7 @@ }, { "access_level": "Write", - "description": "Grants permission to send an invitation to accept a request for AWS account delegation for an Amazon Chime account", + "description": "Grants permission to send an invitation to accept a request for AWSaccount delegation for an Amazon Chime account", "privilege": "InviteDelegate", "resource_types": [ { @@ -18499,7 +18499,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Amazon Chime accounts under the administrator's AWS account", + "description": "Grants permission to list the Amazon Chime accounts under the administrator's AWSaccount", "privilege": "ListAccounts", "resource_types": [ { @@ -18552,7 +18552,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all Amazon Chime app instances created under a single AWS account", + "description": "Grants permission to list all Amazon Chime app instances created under a single AWSaccount", "privilege": "ListAppInstances", "resource_types": [ { @@ -18615,7 +18615,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the calling regions available for the administrator's AWS account", + "description": "Grants permission to list the calling regions available for the administrator's AWSaccount", "privilege": "ListCallingRegions", "resource_types": [ { @@ -18748,7 +18748,7 @@ }, { "access_level": "List", - "description": "Grants permission to list active Active Directories hosted in the Directory Service of your AWS account", + "description": "Grants permission to list active Active Directories hosted in the Directory Service of your AWSaccount", "privilege": "ListDirectories", "resource_types": [ { @@ -18844,7 +18844,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the phone number orders under the administrator's AWS account", + "description": "Grants permission to list the phone number orders under the administrator's AWSaccount", "privilege": "ListPhoneNumberOrders", "resource_types": [ { @@ -18856,7 +18856,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the phone numbers under the administrator's AWS account", + "description": "Grants permission to list the phone numbers under the administrator's AWSaccount", "privilege": "ListPhoneNumbers", "resource_types": [ { @@ -18904,7 +18904,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all Amazon Chime SIP media applications under the administrator's AWS account", + "description": "Grants permission to list all Amazon Chime SIP media applications under the administrator's AWSaccount", "privilege": "ListSipMediaApplications", "resource_types": [ { @@ -18916,7 +18916,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all Amazon Chime SIP rules under the administrator's AWS account", + "description": "Grants permission to list all Amazon Chime SIP rules under the administrator's AWSaccount", "privilege": "ListSipRules", "resource_types": [ { @@ -18928,7 +18928,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the phone number countries supported by the AWS account", + "description": "Grants permission to list the phone number countries supported by the AWSaccount", "privilege": "ListSupportedPhoneNumberCountries", "resource_types": [ { @@ -18964,7 +18964,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Amazon Chime Voice Connector Groups under the administrator's AWS account", + "description": "Grants permission to list the Amazon Chime Voice Connector Groups under the administrator's AWSaccount", "privilege": "ListVoiceConnectorGroups", "resource_types": [ { @@ -18988,7 +18988,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Amazon Chime Voice Connectors under the administrator's AWS account", + "description": "Grants permission to list the Amazon Chime Voice Connectors under the administrator's AWSaccount", "privilege": "ListVoiceConnectors", "resource_types": [ { @@ -19060,7 +19060,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "description": "Grants permission to update logging configuration settings for Amazon Chime SIP media application under the administrator's AWSaccount", "privilege": "PutSipMediaApplicationLoggingConfiguration", "resource_types": [ { @@ -19606,7 +19606,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the global settings related to Amazon Chime for the AWS account", + "description": "Grants permission to update the global settings related to Amazon Chime for the AWSaccount", "privilege": "UpdateGlobalSettings", "resource_types": [ { @@ -19630,7 +19630,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update phone number settings related to Amazon Chime for the AWS account", + "description": "Grants permission to update phone number settings related to Amazon Chime for the AWSaccount", "privilege": "UpdatePhoneNumberSettings", "resource_types": [ { @@ -19678,7 +19678,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update properties of Amazon Chime SIP media application under the administrator's AWS account", + "description": "Grants permission to update properties of Amazon Chime SIP media application under the administrator's AWSaccount", "privilege": "UpdateSipMediaApplication", "resource_types": [ { @@ -19690,7 +19690,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update an Amazon Chime SIP media application call under the administrator's AWS account", + "description": "Grants permission to update an Amazon Chime SIP media application call under the administrator's AWSaccount", "privilege": "UpdateSipMediaApplicationCall", "resource_types": [ { @@ -19702,7 +19702,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update properties of Amazon Chime SIP rule under the administrator's AWS account", + "description": "Grants permission to update properties of Amazon Chime SIP rule under the administrator's AWSaccount", "privilege": "UpdateSipRule", "resource_types": [ { @@ -21350,7 +21350,7 @@ }, { "access_level": "Read", - "description": "Grants permission to return the stack instance that's associated with the specified stack set, AWS account, and region", + "description": "Grants permission to return the stack instance that's associated with the specified stack set, AWSaccount, and region", "privilege": "DescribeStackInstance", "resource_types": [ { @@ -22009,37 +22009,37 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access based on the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access based on tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access based on the presence of tag keys in the request", "type": "String" } ], "prefix": "cloudfront", "privileges": [ { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to associate an alias to a CloudFront distribution", "privilege": "AssociateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "This action adds a new cache policy to CloudFront.", + "description": "Grants permission to add a new cache policy to CloudFront", "privilege": "CreateCachePolicy", "resource_types": [ { @@ -22051,7 +22051,7 @@ }, { "access_level": "Write", - "description": "This action creates a new CloudFront origin access identity.", + "description": "Grants permission to create a new CloudFront origin access identity", "privilege": "CreateCloudFrontOriginAccessIdentity", "resource_types": [ { @@ -22063,7 +22063,7 @@ }, { "access_level": "Write", - "description": "This action creates a new web distribution.", + "description": "Grants permission to create a new web distribution", "privilege": "CreateDistribution", "resource_types": [ { @@ -22075,7 +22075,7 @@ }, { "access_level": "Tagging", - "description": "This action creates a new web distribution with tags.", + "description": "Grants permission to create a new web distribution with tags", "privilege": "CreateDistributionWithTags", "resource_types": [ { @@ -22095,7 +22095,7 @@ }, { "access_level": "Write", - "description": "This action creates a new field-level encryption configuration.", + "description": "Grants permission to create a new field-level encryption configuration", "privilege": "CreateFieldLevelEncryptionConfig", "resource_types": [ { @@ -22107,7 +22107,7 @@ }, { "access_level": "Write", - "description": "This action creates a field-level encryption profile.", + "description": "Grants permission to create a field-level encryption profile", "privilege": "CreateFieldLevelEncryptionProfile", "resource_types": [ { @@ -22119,7 +22119,7 @@ }, { "access_level": "Write", - "description": "This action creates a CloudFront function", + "description": "Grants permission to create a CloudFront function", "privilege": "CreateFunction", "resource_types": [ { @@ -22131,7 +22131,7 @@ }, { "access_level": "Write", - "description": "This action creates a new invalidation batch request.", + "description": "Grants permission to create a new invalidation batch request", "privilege": "CreateInvalidation", "resource_types": [ { @@ -22143,7 +22143,7 @@ }, { "access_level": "Write", - "description": "This action adds a new key group to CloudFront", + "description": "Grants permission to add a new key group to CloudFront", "privilege": "CreateKeyGroup", "resource_types": [ { @@ -22155,7 +22155,7 @@ }, { "access_level": "Write", - "description": "This action enables additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost", + "description": "Grants permission to enable additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost", "privilege": "CreateMonitoringSubscription", "resource_types": [ { @@ -22167,7 +22167,7 @@ }, { "access_level": "Write", - "description": "This action adds a new origin request policy to CloudFront.", + "description": "Grants permission to add a new origin request policy to CloudFront", "privilege": "CreateOriginRequestPolicy", "resource_types": [ { @@ -22179,7 +22179,7 @@ }, { "access_level": "Write", - "description": "This action adds a new public key to CloudFront.", + "description": "Grants permission to add a new public key to CloudFront", "privilege": "CreatePublicKey", "resource_types": [ { @@ -22191,7 +22191,7 @@ }, { "access_level": "Write", - "description": "This action creates a real-time log configuration", + "description": "Grants permission to create a real-time log configuration", "privilege": "CreateRealtimeLogConfig", "resource_types": [ { @@ -22203,7 +22203,7 @@ }, { "access_level": "Write", - "description": "This action creates a new RTMP distribution.", + "description": "Grants permission to create a new RTMP distribution", "privilege": "CreateStreamingDistribution", "resource_types": [ { @@ -22215,7 +22215,7 @@ }, { "access_level": "Tagging", - "description": "This action creates a new RTMP distribution with tags.", + "description": "Grants permission to create a new RTMP distribution with tags", "privilege": "CreateStreamingDistributionWithTags", "resource_types": [ { @@ -22235,7 +22235,7 @@ }, { "access_level": "Write", - "description": "This action deletes a cache policy.", + "description": "Grants permission to delete a cache policy", "privilege": "DeleteCachePolicy", "resource_types": [ { @@ -22247,7 +22247,7 @@ }, { "access_level": "Write", - "description": "This action deletes a CloudFront origin access identity.", + "description": "Grants permission to delete a CloudFront origin access identity", "privilege": "DeleteCloudFrontOriginAccessIdentity", "resource_types": [ { @@ -22259,7 +22259,7 @@ }, { "access_level": "Write", - "description": "This action deletes a web distribution.", + "description": "Grants permission to delete a web distribution", "privilege": "DeleteDistribution", "resource_types": [ { @@ -22271,7 +22271,7 @@ }, { "access_level": "Write", - "description": "This action deletes a field-level encryption configuration.", + "description": "Grants permission to delete a field-level encryption configuration", "privilege": "DeleteFieldLevelEncryptionConfig", "resource_types": [ { @@ -22283,7 +22283,7 @@ }, { "access_level": "Write", - "description": "This action deletes a field-level encryption profile.", + "description": "Grants permission to delete a field-level encryption profile", "privilege": "DeleteFieldLevelEncryptionProfile", "resource_types": [ { @@ -22295,7 +22295,7 @@ }, { "access_level": "Write", - "description": "This action deletes a CloudFront function", + "description": "Grants permission to delete a CloudFront function", "privilege": "DeleteFunction", "resource_types": [ { @@ -22307,7 +22307,7 @@ }, { "access_level": "Write", - "description": "This action deletes a key group", + "description": "Grants permission to delete a key group", "privilege": "DeleteKeyGroup", "resource_types": [ { @@ -22319,7 +22319,7 @@ }, { "access_level": "Write", - "description": "This action disables additional CloudWatch metrics for the specified CloudFront distribution", + "description": "Grants permission to disable additional CloudWatch metrics for the specified CloudFront distribution", "privilege": "DeleteMonitoringSubscription", "resource_types": [ { @@ -22331,7 +22331,7 @@ }, { "access_level": "Write", - "description": "This action deletes an origin request policy.", + "description": "Grants permission to delete an origin request policy", "privilege": "DeleteOriginRequestPolicy", "resource_types": [ { @@ -22343,7 +22343,7 @@ }, { "access_level": "Write", - "description": "This action deletes a public key from CloudFront.", + "description": "Grants permission to delete a public key from CloudFront", "privilege": "DeletePublicKey", "resource_types": [ { @@ -22355,7 +22355,7 @@ }, { "access_level": "Write", - "description": "This action deletes a real-time log configuration", + "description": "Grants permission to delete a real-time log configuration", "privilege": "DeleteRealtimeLogConfig", "resource_types": [ { @@ -22367,7 +22367,7 @@ }, { "access_level": "Write", - "description": "This action deletes an RTMP distribution.", + "description": "Grants permission to delete an RTMP distribution", "privilege": "DeleteStreamingDistribution", "resource_types": [ { @@ -22379,7 +22379,7 @@ }, { "access_level": "Read", - "description": "This action gets a CloudFront function summary", + "description": "Grants permission to get a CloudFront function summary", "privilege": "DescribeFunction", "resource_types": [ { @@ -22391,7 +22391,7 @@ }, { "access_level": "Read", - "description": "Get the cache policy", + "description": "Grants permission to get the cache policy", "privilege": "GetCachePolicy", "resource_types": [ { @@ -22403,7 +22403,7 @@ }, { "access_level": "Read", - "description": "Get the cache policy configuration", + "description": "Grants permission to get the cache policy configuration", "privilege": "GetCachePolicyConfig", "resource_types": [ { @@ -22415,7 +22415,7 @@ }, { "access_level": "Read", - "description": "Get the information about a CloudFront origin access identity.", + "description": "Grants permission to get the information about a CloudFront origin access identity", "privilege": "GetCloudFrontOriginAccessIdentity", "resource_types": [ { @@ -22427,7 +22427,7 @@ }, { "access_level": "Read", - "description": "Get the configuration information about a Cloudfront origin access identity.", + "description": "Grants permission to get the configuration information about a Cloudfront origin access identity", "privilege": "GetCloudFrontOriginAccessIdentityConfig", "resource_types": [ { @@ -22439,7 +22439,7 @@ }, { "access_level": "Read", - "description": "Get the information about a web distribution.", + "description": "Grants permission to get the information about a web distribution", "privilege": "GetDistribution", "resource_types": [ { @@ -22451,7 +22451,7 @@ }, { "access_level": "Read", - "description": "Get the configuration information about a distribution.", + "description": "Grants permission to get the configuration information about a distribution", "privilege": "GetDistributionConfig", "resource_types": [ { @@ -22463,7 +22463,7 @@ }, { "access_level": "Read", - "description": "Get the field-level encryption configuration information.", + "description": "Grants permission to get the field-level encryption configuration information", "privilege": "GetFieldLevelEncryption", "resource_types": [ { @@ -22475,7 +22475,7 @@ }, { "access_level": "Read", - "description": "Get the field-level encryption configuration information.", + "description": "Grants permission to get the field-level encryption configuration information", "privilege": "GetFieldLevelEncryptionConfig", "resource_types": [ { @@ -22487,7 +22487,7 @@ }, { "access_level": "Read", - "description": "Get the field-level encryption configuration information.", + "description": "Grants permission to get the field-level encryption configuration information", "privilege": "GetFieldLevelEncryptionProfile", "resource_types": [ { @@ -22499,7 +22499,7 @@ }, { "access_level": "Read", - "description": "Get the field-level encryption profile configuration information.", + "description": "Grants permission to get the field-level encryption profile configuration information", "privilege": "GetFieldLevelEncryptionProfileConfig", "resource_types": [ { @@ -22511,7 +22511,7 @@ }, { "access_level": "Read", - "description": "This action gets a CloudFront function's code", + "description": "Grants permission to get a CloudFront function's code", "privilege": "GetFunction", "resource_types": [ { @@ -22523,7 +22523,7 @@ }, { "access_level": "Read", - "description": "Get the information about an invalidation.", + "description": "Grants permission to get the information about an invalidation", "privilege": "GetInvalidation", "resource_types": [ { @@ -22535,7 +22535,7 @@ }, { "access_level": "Read", - "description": "This action gets a key group", + "description": "Grants permission to get a key group", "privilege": "GetKeyGroup", "resource_types": [ { @@ -22547,7 +22547,7 @@ }, { "access_level": "Read", - "description": "This action gets a key group configuration", + "description": "Grants permission to get a key group configuration", "privilege": "GetKeyGroupConfig", "resource_types": [ { @@ -22559,7 +22559,7 @@ }, { "access_level": "Read", - "description": "This action gets information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution", + "description": "Grants permission to get information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution", "privilege": "GetMonitoringSubscription", "resource_types": [ { @@ -22571,7 +22571,7 @@ }, { "access_level": "Read", - "description": "Get the origin request policy", + "description": "Grants permission to get the origin request policy", "privilege": "GetOriginRequestPolicy", "resource_types": [ { @@ -22583,7 +22583,7 @@ }, { "access_level": "Read", - "description": "Get the origin request policy configuration", + "description": "Grants permission to get the origin request policy configuration", "privilege": "GetOriginRequestPolicyConfig", "resource_types": [ { @@ -22595,7 +22595,7 @@ }, { "access_level": "Read", - "description": "Get the public key information.", + "description": "Grants permission to get the public key information", "privilege": "GetPublicKey", "resource_types": [ { @@ -22607,7 +22607,7 @@ }, { "access_level": "Read", - "description": "Get the public key configuration information.", + "description": "Grants permission to get the public key configuration information", "privilege": "GetPublicKeyConfig", "resource_types": [ { @@ -22619,7 +22619,7 @@ }, { "access_level": "Read", - "description": "This action gets a real-time log configuration", + "description": "Grants permission to get a real-time log configuration", "privilege": "GetRealtimeLogConfig", "resource_types": [ { @@ -22631,7 +22631,7 @@ }, { "access_level": "Read", - "description": "Get the information about an RTMP distribution.", + "description": "Grants permission to get the information about an RTMP distribution", "privilege": "GetStreamingDistribution", "resource_types": [ { @@ -22643,7 +22643,7 @@ }, { "access_level": "Read", - "description": "Get the configuration information about a streaming distribution.", + "description": "Grants permission to get the configuration information about a streaming distribution", "privilege": "GetStreamingDistributionConfig", "resource_types": [ { @@ -22655,7 +22655,7 @@ }, { "access_level": "List", - "description": "List all cache policies that have been created in CloudFront for this account.", + "description": "Grants permission to list all cache policies that have been created in CloudFront for this account", "privilege": "ListCachePolicies", "resource_types": [ { @@ -22667,7 +22667,7 @@ }, { "access_level": "List", - "description": "List your CloudFront origin access identities.", + "description": "Grants permission to list your CloudFront origin access identities", "privilege": "ListCloudFrontOriginAccessIdentities", "resource_types": [ { @@ -22678,20 +22678,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list all aliases that conflict with the given alias in CloudFront", "privilege": "ListConflictingAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution*" } ] }, { "access_level": "List", - "description": "List the distributions associated with your AWS account.", + "description": "Grants permission to list the distributions associated with your AWSaccount", "privilege": "ListDistributions", "resource_types": [ { @@ -22703,7 +22703,7 @@ }, { "access_level": "List", - "description": "List distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy.", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy", "privilege": "ListDistributionsByCachePolicyId", "resource_types": [ { @@ -22715,7 +22715,7 @@ }, { "access_level": "List", - "description": "This action lists distribution IDs for distributions that have a cache behavior that's associated with the specified key group", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified key group", "privilege": "ListDistributionsByKeyGroup", "resource_types": [ { @@ -22727,7 +22727,7 @@ }, { "access_level": "List", - "description": "List distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy.", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy", "privilege": "ListDistributionsByOriginRequestPolicyId", "resource_types": [ { @@ -22739,7 +22739,7 @@ }, { "access_level": "List", - "description": "This action gets a list of distributions that have a cache behavior that\u2019s associated with the specified real-time log configuration", + "description": "Grants permission to get a list of distributions that have a cache behavior that\u2019s associated with the specified real-time log configuration", "privilege": "ListDistributionsByRealtimeLogConfig", "resource_types": [ { @@ -22751,7 +22751,7 @@ }, { "access_level": "List", - "description": "List the distributions associated with your AWS account with given AWS WAF web ACL.", + "description": "Grants permission to list the distributions associated with your AWSaccount with given AWS WAF web ACL", "privilege": "ListDistributionsByWebACLId", "resource_types": [ { @@ -22763,7 +22763,7 @@ }, { "access_level": "List", - "description": "List all field-level encryption configurations that have been created in CloudFront for this account.", + "description": "Grants permission to list all field-level encryption configurations that have been created in CloudFront for this account", "privilege": "ListFieldLevelEncryptionConfigs", "resource_types": [ { @@ -22775,7 +22775,7 @@ }, { "access_level": "List", - "description": "List all field-level encryption profiles that have been created in CloudFront for this account.", + "description": "Grants permission to list all field-level encryption profiles that have been created in CloudFront for this account", "privilege": "ListFieldLevelEncryptionProfiles", "resource_types": [ { @@ -22787,7 +22787,7 @@ }, { "access_level": "List", - "description": "This action gets a list of CloudFront functions", + "description": "Grants permission to get a list of CloudFront functions", "privilege": "ListFunctions", "resource_types": [ { @@ -22799,7 +22799,7 @@ }, { "access_level": "List", - "description": "List your invalidation batches.", + "description": "Grants permission to list your invalidation batches", "privilege": "ListInvalidations", "resource_types": [ { @@ -22811,7 +22811,7 @@ }, { "access_level": "List", - "description": "This action lists all key groups that have been created in CloudFront for this account", + "description": "Grants permission to list all key groups that have been created in CloudFront for this account", "privilege": "ListKeyGroups", "resource_types": [ { @@ -22823,7 +22823,7 @@ }, { "access_level": "List", - "description": "List all origin request policies that have been created in CloudFront for this account.", + "description": "Grants permission to list all origin request policies that have been created in CloudFront for this account", "privilege": "ListOriginRequestPolicies", "resource_types": [ { @@ -22835,7 +22835,7 @@ }, { "access_level": "List", - "description": "List all public keys that have been added to CloudFront for this account.", + "description": "Grants permission to list all public keys that have been added to CloudFront for this account", "privilege": "ListPublicKeys", "resource_types": [ { @@ -22847,7 +22847,7 @@ }, { "access_level": "List", - "description": "This action gets a list of real-time log configurations", + "description": "Grants permission to get a list of real-time log configurations", "privilege": "ListRealtimeLogConfigs", "resource_types": [ { @@ -22859,7 +22859,7 @@ }, { "access_level": "List", - "description": "List your RTMP distributions.", + "description": "Grants permission to list your RTMP distributions", "privilege": "ListStreamingDistributions", "resource_types": [ { @@ -22871,7 +22871,7 @@ }, { "access_level": "Read", - "description": "List tags for a CloudFront resource.", + "description": "Grants permission to list tags for a CloudFront resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -22888,7 +22888,7 @@ }, { "access_level": "Write", - "description": "This action publishes a CloudFront function", + "description": "Grants permission to publish a CloudFront function", "privilege": "PublishFunction", "resource_types": [ { @@ -22900,7 +22900,7 @@ }, { "access_level": "Tagging", - "description": "Add tags to a CloudFront resource.", + "description": "Grants permission to add tags to a CloudFront resource", "privilege": "TagResource", "resource_types": [ { @@ -22925,7 +22925,7 @@ }, { "access_level": "Write", - "description": "This action tests a CloudFront function", + "description": "Grants permission to test a CloudFront function", "privilege": "TestFunction", "resource_types": [ { @@ -22937,7 +22937,7 @@ }, { "access_level": "Tagging", - "description": "Remove tags from a CloudFront resource.", + "description": "Grants permission to remove tags from a CloudFront resource", "privilege": "UntagResource", "resource_types": [ { @@ -22961,7 +22961,7 @@ }, { "access_level": "Write", - "description": "This action updates a cache policy.", + "description": "Grants permission to update a cache policy", "privilege": "UpdateCachePolicy", "resource_types": [ { @@ -22973,7 +22973,7 @@ }, { "access_level": "Write", - "description": "This action sets the configuration for a CloudFront origin access identity.", + "description": "Grants permission to set the configuration for a CloudFront origin access identity", "privilege": "UpdateCloudFrontOriginAccessIdentity", "resource_types": [ { @@ -22985,7 +22985,7 @@ }, { "access_level": "Write", - "description": "This action updates the configuration for a web distribution.", + "description": "Grants permission to update the configuration for a web distribution", "privilege": "UpdateDistribution", "resource_types": [ { @@ -22997,7 +22997,7 @@ }, { "access_level": "Write", - "description": "This action updates a field-level encryption configuration.", + "description": "Grants permission to update a field-level encryption configuration", "privilege": "UpdateFieldLevelEncryptionConfig", "resource_types": [ { @@ -23009,7 +23009,7 @@ }, { "access_level": "Write", - "description": "This action updates a field-level encryption profile.", + "description": "Grants permission to update a field-level encryption profile", "privilege": "UpdateFieldLevelEncryptionProfile", "resource_types": [ { @@ -23021,7 +23021,7 @@ }, { "access_level": "Write", - "description": "This action updates a CloudFront function", + "description": "Grants permission to update a CloudFront function", "privilege": "UpdateFunction", "resource_types": [ { @@ -23033,7 +23033,7 @@ }, { "access_level": "Write", - "description": "This action updates a key group", + "description": "Grants permission to update a key group", "privilege": "UpdateKeyGroup", "resource_types": [ { @@ -23045,7 +23045,7 @@ }, { "access_level": "Write", - "description": "This action updates an origin request policy.", + "description": "Grants permission to update an origin request policy", "privilege": "UpdateOriginRequestPolicy", "resource_types": [ { @@ -23057,7 +23057,7 @@ }, { "access_level": "Write", - "description": "This action updates public key information.", + "description": "Grants permission to update public key information", "privilege": "UpdatePublicKey", "resource_types": [ { @@ -23069,7 +23069,7 @@ }, { "access_level": "Write", - "description": "This action updates a real-time log configuration", + "description": "Grants permission to update a real-time log configuration", "privilege": "UpdateRealtimeLogConfig", "resource_types": [ { @@ -23081,7 +23081,7 @@ }, { "access_level": "Write", - "description": "This action updates the configuration for an RTMP distribution.", + "description": "Grants permission to update the configuration for an RTMP distribution", "privilege": "UpdateStreamingDistribution", "resource_types": [ { @@ -24042,7 +24042,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to connect to a CloudShell environment from the AWS Management Console", + "description": "Grants permissions to connect to a CloudShell environment from the AWSManagement Console", "privilege": "CreateSession", "resource_types": [ { @@ -24674,7 +24674,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of valid metrics stored for the AWS account owner", + "description": "Grants permission to retrieve a list of valid metrics stored for the AWSaccount owner", "privilege": "ListMetrics", "resource_types": [ { @@ -25214,7 +25214,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the domains in the current user's AWS account", + "description": "Grants permission to list the domains in the current user's AWSaccount", "privilege": "ListDomains", "resource_types": [ { @@ -26903,7 +26903,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all approval rule templates in an AWS Region for the AWS account", + "description": "Grants permission to list all approval rule templates in an AWSRegion for the AWSaccount", "privilege": "ListApprovalRuleTemplates", "resource_types": [ { @@ -26951,7 +26951,7 @@ }, { "access_level": "List", - "description": "Grants permission to list information about AWS CodeCommit repositories in the current Region for your AWS account", + "description": "Grants permission to list information about AWS CodeCommit repositories in the current Region for your AWSaccount", "privilege": "ListRepositories", "resource_types": [ { @@ -28832,7 +28832,7 @@ }, { "access_level": "Tagging", - "description": "Grants permission to create a custom action that you can use in the pipelines associated with your AWS account", + "description": "Grants permission to create a custom action that you can use in the pipelines associated with your AWSaccount", "privilege": "CreateCustomActionType", "resource_types": [ { @@ -29040,7 +29040,7 @@ }, { "access_level": "List", - "description": "Grants permission to list a summary of all the pipelines associated with your AWS account", + "description": "Grants permission to list a summary of all the pipelines associated with your AWSaccount", "privilege": "ListPipelines", "resource_types": [ { @@ -29074,7 +29074,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the webhooks associated with your AWS account", + "description": "Grants permission to list all of the webhooks associated with your AWSaccount", "privilege": "ListWebhooks", "resource_types": [ { @@ -29514,7 +29514,7 @@ }, { "access_level": "List", - "description": "Lists all projects in CodeStar associated with your AWS account.", + "description": "Lists all projects in CodeStar associated with your AWSaccount.", "privilege": "ListProjects", "resource_types": [ { @@ -30208,7 +30208,7 @@ }, { "access_level": "List", - "description": "Grants permission to list notification rules in an AWS account", + "description": "Grants permission to list notification rules in an AWSaccount", "privilege": "ListNotificationRules", "resource_types": [ { @@ -30240,7 +30240,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the notification rule targets for an AWS account", + "description": "Grants permission to list the notification rule targets for an AWSaccount", "privilege": "ListTargets", "resource_types": [ { @@ -31612,7 +31612,7 @@ }, { "access_level": "List", - "description": "Lists the user pools associated with an AWS account.", + "description": "Lists the user pools associated with an AWSaccount.", "privilege": "ListUserPools", "resource_types": [ { @@ -33832,7 +33832,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the stored query for an AWS account in an AWS Region", + "description": "Grants permission to delete the stored query for an AWSaccount in an AWSRegion", "privilege": "DeleteStoredQuery", "resource_types": [ { @@ -34288,7 +34288,7 @@ }, { "access_level": "Read", - "description": "Grants permission to return the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account", + "description": "Grants permission to return the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWSaccount", "privilege": "GetDiscoveredResourceCounts", "resource_types": [ { @@ -34372,7 +34372,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the stored queries for an AWS account in an AWS Region", + "description": "Grants permission to list the stored queries for an AWSaccount in an AWSRegion", "privilege": "ListStoredQueries", "resource_types": [ { @@ -34648,7 +34648,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start recording configurations of the AWS resources you have selected to record in your AWS account", + "description": "Grants permission to start recording configurations of the AWS resources you have selected to record in your AWSaccount", "privilege": "StartConfigurationRecorder", "resource_types": [ { @@ -34674,7 +34674,7 @@ }, { "access_level": "Write", - "description": "Grants permission to stop recording configurations of the AWS resources you have selected to record in your AWS account", + "description": "Grants permission to stop recording configurations of the AWS resources you have selected to record in your AWSaccount", "privilege": "StopConfigurationRecorder", "resource_types": [ { @@ -36047,7 +36047,7 @@ }, { "access_level": "List", - "description": "Grants permissions to view the Amazon Connect instances associated with an AWS account", + "description": "Grants permissions to view the Amazon Connect instances associated with an AWSaccount", "privilege": "ListInstances", "resource_types": [ { @@ -39224,7 +39224,7 @@ }, { "access_level": "List", - "description": "Grants permission to list agents owned by an AWS account in a region specified in the request", + "description": "Grants permission to list agents owned by an AWSaccount in a region specified in the request", "privilege": "ListAgents", "resource_types": [ { @@ -41687,7 +41687,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the current status and future status of all offerings purchased by an AWS account", + "description": "Grants permission to retrieve the current status and future status of all offerings purchased by an AWSaccount", "privilege": "GetOfferingStatus", "resource_types": [ { @@ -41940,7 +41940,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the historical purchases, renewals, and system renewal transactions for an AWS account", + "description": "Grants permission to list all of the historical purchases, renewals, and system renewal transactions for an AWSaccount", "privilege": "ListOfferingTransactions", "resource_types": [ { @@ -41964,7 +41964,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the information of mobile testing projects for an AWS account", + "description": "Grants permission to list the information of mobile testing projects for an AWSaccount", "privilege": "ListProjects", "resource_types": [ { @@ -42086,7 +42086,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the information of desktop testing projects for an AWS account", + "description": "Grants permission to list the information of desktop testing projects for an AWSaccount", "privilege": "ListTestGridProjects", "resource_types": [ { @@ -42182,7 +42182,7 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase offerings for an AWS account", + "description": "Grants permission to purchase offerings for an AWSaccount", "privilege": "PurchaseOffering", "resource_types": [ { @@ -42641,7 +42641,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view the health of operations in your AWS account", + "description": "Grants permission to view the health of operations in your AWSaccount", "privilege": "DescribeAccountHealth", "resource_types": [ { @@ -42653,7 +42653,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view the health of operations within a time range in your AWS account", + "description": "Grants permission to view the health of operations within a time range in your AWSaccount", "privilege": "DescribeAccountOverview", "resource_types": [ { @@ -43551,7 +43551,7 @@ }, { "access_level": "Read", - "description": "Returns a list of interconnects owned by the AWS account.", + "description": "Returns a list of interconnects owned by the AWSaccount.", "privilege": "DescribeInterconnects", "resource_types": [ { @@ -43626,7 +43626,7 @@ }, { "access_level": "Read", - "description": "Returns a list of virtual private gateways owned by the AWS account.", + "description": "Returns a list of virtual private gateways owned by the AWSaccount.", "privilege": "DescribeVirtualGateways", "resource_types": [ { @@ -43638,7 +43638,7 @@ }, { "access_level": "Read", - "description": "Displays all virtual interfaces for an AWS account.", + "description": "Displays all virtual interfaces for an AWSaccount.", "privilege": "DescribeVirtualInterfaces", "resource_types": [ { @@ -45474,7 +45474,7 @@ }, { "access_level": "Write", - "description": "Creates a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWS account.", + "description": "Creates a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWSaccount.", "privilege": "CreateLogSubscription", "resource_types": [ { @@ -45912,7 +45912,7 @@ }, { "access_level": "Read", - "description": "Lists the active log subscriptions for the AWS account.", + "description": "Lists the active log subscriptions for the AWSaccount.", "privilege": "ListLogSubscriptions", "resource_types": [ { @@ -46056,7 +46056,7 @@ }, { "access_level": "Write", - "description": "Shares a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region.", + "description": "Shares a specified directory in your AWSaccount (directory owner) with another AWSaccount (directory consumer). With this operation you can use your directory from any AWSaccount and from any Amazon VPC within an AWSRegion.", "privilege": "ShareDirectory", "resource_types": [ { @@ -46482,7 +46482,7 @@ }, { "access_level": "Read", - "description": "Returns the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there", + "description": "Returns the current provisioned-capacity limits for your AWSaccount in a region, both for the region as a whole and for any one DynamoDB table that you create there", "privilege": "DescribeLimits", "resource_types": [ { @@ -47354,7 +47354,7 @@ }, { "condition": "ec2:AvailabilityZone", - "description": "Filters access by the name of an Availability Zone in an AWS Region", + "description": "Filters access by the name of an Availability Zone in an AWSRegion", "type": "String" }, { @@ -47484,7 +47484,7 @@ }, { "condition": "ec2:Owner", - "description": "Filters access by the owner of the resource (amazon, aws-marketplace, or an AWS account ID)", + "description": "Filters access by the owner of the resource (amazon, aws-marketplace, or an AWSaccount ID)", "type": "String" }, { @@ -47574,7 +47574,7 @@ }, { "condition": "ec2:Region", - "description": "Filters access by the name of the AWS Region", + "description": "Filters access by the name of the AWSRegion", "type": "String" }, { @@ -47689,7 +47689,7 @@ }, { "condition": "ec2:VpceServiceOwner", - "description": "Filters access by the service owner of the VPC endpoint service (amazon, aws-marketplace, or an AWS account ID)", + "description": "Filters access by the service owner of the VPC endpoint service (amazon, aws-marketplace, or an AWSaccount ID)", "type": "String" }, { @@ -49705,6 +49705,24 @@ "dependent_actions": [], "resource_type": "instance*" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "replace-root-volume-task*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -50064,8 +50082,13 @@ "resource_types": [ { "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageType", "ec2:Owner", - "ec2:Region" + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" ], "dependent_actions": [], "resource_type": "image*" @@ -50478,6 +50501,15 @@ "dependent_actions": [], "resource_type": "security-group" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "security-group-rule" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -51833,14 +51865,14 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:OutpostArn", "ec2:Owner", "ec2:ParentVolume", "ec2:Region", "ec2:ResourceTag/${TagKey}", "ec2:SnapshotTime", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" + "ec2:VolumeSize", + "ec2:OutpostArn", + "ec2:SourceOutpostArn" ], "dependent_actions": [], "resource_type": "snapshot*" @@ -52255,6 +52287,15 @@ "dependent_actions": [], "resource_type": "security-group" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "security-group-rule" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -52991,7 +53032,7 @@ }, { "access_level": "List", - "description": "Grants permission to describe the attributes of the AWS account", + "description": "Grants permission to describe the attributes of the AWSaccount", "privilege": "DescribeAccountAttributes", "resource_types": [ { @@ -53363,7 +53404,7 @@ }, { "access_level": "List", - "description": "Grants permission to describe the Dedicated Host Reservations that are associated with Dedicated Hosts in the AWS account", + "description": "Grants permission to describe the Dedicated Host Reservations that are associated with Dedicated Hosts in the AWSaccount", "privilege": "DescribeHostReservations", "resource_types": [ { @@ -53843,7 +53884,7 @@ }, { "access_level": "List", - "description": "Grants permission to describe one or more AWS Regions that are currently available in your account", + "description": "Grants permission to describe one or more AWSRegions that are currently available in your account", "privilege": "DescribeRegions", "resource_types": [ { @@ -53961,6 +54002,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe one or more of your security group rules", + "privilege": "DescribeSecurityGroupRules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe one or more security groups", @@ -55024,7 +55077,7 @@ }, { "access_level": "Write", - "description": "Grants permission to enable deprecation of the specified AMI at the specified date and time.", + "description": "Grants permission to enable deprecation of the specified AMI at the specified date and time", "privilege": "EnableImageDeprecation", "resource_types": [ { @@ -56352,6 +56405,41 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify the rules of a security group", + "privilege": "ModifySecurityGroupRules", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "security-group-rule" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to add or remove permission settings for a snapshot", @@ -58953,6 +59041,17 @@ ], "resource": "security-group" }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:security-group-rule/${SecurityGroupRuleId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "security-group-rule" + }, { "arn": "arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}", "condition_keys": [ @@ -61536,7 +61635,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Amazon EKS add-ons in your AWS account (in the specified or default region) for a given cluster", + "description": "Grants permission to list the Amazon EKS add-ons in your AWSaccount (in the specified or default region) for a given cluster", "privilege": "ListAddons", "resource_types": [ { @@ -61548,7 +61647,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Amazon EKS clusters in your AWS account (in the specified or default region)", + "description": "Grants permission to list the Amazon EKS clusters in your AWSaccount (in the specified or default region)", "privilege": "ListClusters", "resource_types": [ { @@ -61560,7 +61659,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the AWS Fargate profiles in your AWS account (in the specified or default region) associated with a given cluster", + "description": "Grants permission to list the AWS Fargate profiles in your AWSaccount (in the specified or default region) associated with a given cluster", "privilege": "ListFargateProfiles", "resource_types": [ { @@ -61572,7 +61671,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Idp configs in your AWS account (in the specified or default region) associated with a given cluster", + "description": "Grants permission to list the Idp configs in your AWSaccount (in the specified or default region) associated with a given cluster", "privilege": "ListIdentityProviderConfigs", "resource_types": [ { @@ -61584,7 +61683,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Amazon EKS nodegroups in your AWS account (in the specified or default region) attached to given cluster", + "description": "Grants permission to list the Amazon EKS nodegroups in your AWSaccount (in the specified or default region) attached to given cluster", "privilege": "ListNodegroups", "resource_types": [ { @@ -64887,7 +64986,7 @@ }, { "access_level": "List", - "description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called", + "description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWSaccount in the AWS region of the endpoint that is being called", "privilege": "DescribeFileSystems", "resource_types": [ { @@ -65368,7 +65467,7 @@ }, { "access_level": "Read", - "description": "Describes the Elastic Load Balancing resource limits for the AWS account", + "description": "Describes the Elastic Load Balancing resource limits for the AWSaccount", "privilege": "DescribeAccountLimits", "resource_types": [ { @@ -66561,7 +66660,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the EMR block public access configuration for the AWS account in the Region.", + "description": "Grants permission to retrieve the EMR block public access configuration for the AWSaccount in the Region.", "privilege": "GetBlockPublicAccessConfiguration", "resource_types": [ { @@ -66818,7 +66917,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to create or update the EMR block public access configuration for the AWS account in the Region.", + "description": "Grants permission to create or update the EMR block public access configuration for the AWSaccount in the Region.", "privilege": "PutBlockPublicAccessConfiguration", "resource_types": [ { @@ -67187,7 +67286,7 @@ }, { "access_level": "List", - "description": "Get information about all of the jobs associated with the current AWS account that have a specified status", + "description": "Get information about all of the jobs associated with the current AWSaccount that have a specified status", "privilege": "ListJobsByStatus", "resource_types": [ { @@ -67199,7 +67298,7 @@ }, { "access_level": "List", - "description": "Get a list of the pipelines associated with the current AWS account", + "description": "Get a list of the pipelines associated with the current AWSaccount", "privilege": "ListPipelines", "resource_types": [ { @@ -67211,7 +67310,7 @@ }, { "access_level": "List", - "description": "Get a list of all presets associated with the current AWS account.", + "description": "Get a list of all presets associated with the current AWSaccount.", "privilege": "ListPresets", "resource_types": [ { @@ -69113,7 +69212,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of AWS account IDs associated with an event source", + "description": "Grants permission to retrieve a list of AWSaccount IDs associated with an event source", "privilege": "ListPartnerEventSourceAccounts", "resource_types": [ { @@ -69251,7 +69350,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to use the PutPermission action to grants permission to another AWS account to put events to your default event bus", + "description": "Grants permission to use the PutPermission action to grants permission to another AWSaccount to put events to your default event bus", "privilege": "PutPermission", "resource_types": [ { @@ -69309,7 +69408,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to revoke the permission of another AWS account to put events to your default event bus", + "description": "Grants permission to revoke the permission of another AWSaccount to put events to your default event bus", "privilege": "RemovePermission", "resource_types": [ { @@ -70335,7 +70434,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve violations for a resource based on the specified AWS Firewall Manager policy and AWS account", + "description": "Grants permission to retrieve violations for a resource based on the specified AWS Firewall Manager policy and AWSaccount", "privilege": "GetViolationDetails", "resource_types": [ { @@ -71780,7 +71879,7 @@ }, { "access_level": "List", - "description": "Grants permission to get one or more models. Gets all models for the AWS account if no model type and no model id provided. Gets all models for the AWS account and model type, if the model type is specified but model id is not provided. Gets a specific model if (model type, model id) tuple is specified", + "description": "Grants permission to get one or more models. Gets all models for the AWSaccount if no model type and no model id provided. Gets all models for the AWSaccount and model type, if the model type is specified but model id is not provided. Gets a specific model if (model type, model id) tuple is specified", "privilege": "GetModels", "resource_types": [ { @@ -72766,7 +72865,7 @@ }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that you're calling", + "description": "Grants permission to return the descriptions of all backups owned by your AWSaccount in the AWSRegion of the endpoint that you're calling", "privilege": "DescribeBackups", "resource_types": [ { @@ -72778,7 +72877,7 @@ }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all data repository task owned by your AWS account in the AWS Region of the endpoint that you're calling", + "description": "Grants permission to return the descriptions of all data repository task owned by your AWSaccount in the AWSRegion of the endpoint that you're calling", "privilege": "DescribeDataRepositoryTasks", "resource_types": [ { @@ -72802,7 +72901,7 @@ }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling", + "description": "Grants permission to return the descriptions of all file systems owned by your AWSaccount in the AWSRegion of the endpoint that you're calling", "privilege": "DescribeFileSystems", "resource_types": [ { @@ -73181,7 +73280,7 @@ }, { "access_level": "Write", - "description": "Grants permission to allow GameLift to create or delete a peering connection between a GameLift fleet VPC and a VPC on another AWS account", + "description": "Grants permission to allow GameLift to create or delete a peering connection between a GameLift fleet VPC and a VPC on another AWSaccount", "privilege": "CreateVpcPeeringAuthorization", "resource_types": [ { @@ -75379,7 +75478,7 @@ }, { "access_level": "List", - "description": "This operation lists the provisioned capacity for the specified AWS account.", + "description": "This operation lists the provisioned capacity for the specified AWSaccount.", "privilege": "ListProvisionedCapacity", "resource_types": [ { @@ -75415,7 +75514,7 @@ }, { "access_level": "Write", - "description": "This operation purchases a provisioned capacity unit for an AWS account.", + "description": "This operation purchases a provisioned capacity unit for an AWSaccount.", "privilege": "PurchaseProvisionedCapacity", "resource_types": [ { @@ -75859,7 +75958,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the custom routing accelerators for an AWS account.", + "description": "Grants permission to list the custom routing accelerators for an AWSaccount.", "privilege": "ListCustomRoutingAccelerators", "resource_types": [ { @@ -81711,7 +81810,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a lists of all of the GuardDuty membership invitations that were sent to an AWS account", + "description": "Grants permission to retrieve a lists of all of the GuardDuty membership invitations that were sent to an AWSaccount", "privilege": "ListInvitations", "resource_types": [ { @@ -82253,7 +82352,23 @@ "service_name": "AWS Health APIs and Notifications" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the presence of tag keys in the request", + "type": "String" + } + ], "prefix": "healthlake", "privileges": [ { @@ -82262,7 +82377,10 @@ "privilege": "CreateFHIRDatastore", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -82342,7 +82460,7 @@ }, { "access_level": "Read", - "description": "Grants permission to lists all FHIR datastores that are in the user\u2019s account, regardless of datastore status", + "description": "Grants permission to get the capabilities of a FHIR datastore", "privilege": "GetCapabilities", "resource_types": [ { @@ -82364,6 +82482,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to get a list of export jobs for the specified datastore", + "privilege": "ListFHIRExportJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of import jobs for the specified datastore", + "privilege": "ListFHIRImportJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of tags for the specified datastore", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore" + } + ] + }, { "access_level": "Read", "description": "Grants permission to read resource", @@ -82424,6 +82578,46 @@ } ] }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to a datastore", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a datastore", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update resource", @@ -82440,7 +82634,9 @@ "resources": [ { "arn": "arn:${Partition}:healthlake:${Region}:${AccountId}:datastore/fhir/${DatastoreId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "datastore" } ], @@ -82965,7 +83161,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an alias for your AWS account", + "description": "Grants permission to create an alias for your AWSaccount", "privilege": "CreateAccountAlias", "resource_types": [ { @@ -83210,7 +83406,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified AWS account alias", + "description": "Grants permission to delete the specified AWSaccount alias", "privilege": "DeleteAccountAlias", "resource_types": [ { @@ -83222,7 +83418,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to delete the password policy for the AWS account", + "description": "Grants permission to delete the password policy for the AWSaccount", "privilege": "DeleteAccountPasswordPolicy", "resource_types": [ { @@ -83578,7 +83774,7 @@ }, { "access_level": "Read", - "description": "Grants permission to generate a credential report for the AWS account", + "description": "Grants permission to generate a credential report for the AWSaccount", "privilege": "GenerateCredentialReport", "resource_types": [ { @@ -83655,7 +83851,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another", + "description": "Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWSaccount, including their relationships to one another", "privilege": "GetAccountAuthorizationDetails", "resource_types": [ { @@ -83667,7 +83863,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the password policy for the AWS account", + "description": "Grants permission to retrieve the password policy for the AWSaccount", "privilege": "GetAccountPasswordPolicy", "resource_types": [ { @@ -83679,7 +83875,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account", + "description": "Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWSaccount", "privilege": "GetAccountSummary", "resource_types": [ { @@ -83725,7 +83921,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a credential report for the AWS account", + "description": "Grants permission to retrieve a credential report for the AWSaccount", "privilege": "GetCredentialReport", "resource_types": [ { @@ -83965,7 +84161,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the account alias that is associated with the AWS account", + "description": "Grants permission to list the account alias that is associated with the AWSaccount", "privilege": "ListAccountAliases", "resource_types": [ { @@ -84133,7 +84329,7 @@ }, { "access_level": "List", - "description": "Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account", + "description": "Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWSaccount", "privilege": "ListOpenIDConnectProviders", "resource_types": [ { @@ -84921,7 +85117,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the password policy settings for the AWS account", + "description": "Grants permission to update the password policy settings for the AWSaccount", "privilege": "UpdateAccountPasswordPolicy", "resource_types": [ { @@ -85089,7 +85285,7 @@ }, { "access_level": "Write", - "description": "Grants permission to upload a server certificate entity for the AWS account", + "description": "Grants permission to upload a server certificate entity for the AWSaccount", "privilege": "UploadServerCertificate", "resource_types": [ { @@ -86436,7 +86632,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the IAM role that enables Amazon Inspector to access your AWS account", + "description": "Grants permission to describe the IAM role that enables Amazon Inspector to access your AWSaccount", "privilege": "DescribeCrossAccountAccessRole", "resource_types": [ { @@ -86556,7 +86752,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the ARNs of the assessment targets within this AWS account", + "description": "Grants permission to list the ARNs of the assessment targets within this AWSaccount", "privilege": "ListAssessmentTargets", "resource_types": [ { @@ -87673,7 +87869,7 @@ }, { "access_level": "Write", - "description": "Grants permission to deletes the specified custom metric from your AWS account.", + "description": "Grants permission to deletes the specified custom metric from your AWSaccount.", "privilege": "DeleteCustomMetric", "resource_types": [ { @@ -87685,7 +87881,7 @@ }, { "access_level": "Write", - "description": "Grants permission to remove the specified dimension from your AWS account.", + "description": "Grants permission to remove the specified dimension from your AWSaccount.", "privilege": "DeleteDimension", "resource_types": [ { @@ -87774,7 +87970,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a defined mitigation action from your AWS account.", + "description": "Grants permission to delete a defined mitigation action from your AWSaccount.", "privilege": "DeleteMitigationAction", "resource_types": [ { @@ -88120,7 +88316,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe a custom metric that is defined in your AWS account.", + "description": "Grants permission to describe a custom metric that is defined in your AWSaccount.", "privilege": "DescribeCustomMetric", "resource_types": [ { @@ -88156,7 +88352,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get details about a dimension that is defined in your AWS account.", + "description": "Grants permission to get details about a dimension that is defined in your AWSaccount.", "privilege": "DescribeDimension", "resource_types": [ { @@ -88180,7 +88376,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get a unique endpoint specific to the AWS account making the call.", + "description": "Grants permission to get a unique endpoint specific to the AWSaccount making the call.", "privilege": "DescribeEndpoint", "resource_types": [ { @@ -88834,7 +89030,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the CA certificates registered for your AWS account.", + "description": "Grants permission to list the CA certificates registered for your AWSaccount.", "privilege": "ListCACertificates", "resource_types": [ { @@ -88870,7 +89066,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the custom metrics in your AWS account.", + "description": "Grants permission to list the custom metrics in your AWSaccount.", "privilege": "ListCustomMetrics", "resource_types": [ { @@ -88906,7 +89102,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the dimensions that are defined for your AWS account.", + "description": "Grants permission to list the dimensions that are defined for your AWSaccount.", "privilege": "ListDimensions", "resource_types": [ { @@ -88918,7 +89114,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the domain configuration created by your AWS account.", + "description": "Grants permission to list the domain configuration created by your AWSaccount.", "privilege": "ListDomainConfigurations", "resource_types": [ { @@ -89122,7 +89318,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the fleet provisioning templates in your AWS account.", + "description": "Grants permission to list the fleet provisioning templates in your AWSaccount.", "privilege": "ListProvisioningTemplates", "resource_types": [ { @@ -89960,7 +90156,7 @@ }, { "access_level": "Write", - "description": "Grants permission to transfer the specified certificate to the specified AWS account.", + "description": "Grants permission to transfer the specified certificate to the specified AWSaccount.", "privilege": "TransferCertificate", "resource_types": [ { @@ -92980,7 +93176,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the default encryption configuration for the AWS account", + "description": "Grants permission to describe the default encryption configuration for the AWSaccount", "privilege": "DescribeDefaultEncryptionConfiguration", "resource_types": [ { @@ -93016,7 +93212,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe logging options for the AWS account", + "description": "Grants permission to describe logging options for the AWSaccount", "privilege": "DescribeLoggingOptions", "resource_types": [ { @@ -93286,7 +93482,7 @@ }, { "access_level": "Write", - "description": "Grants permission to set the default encryption configuration for the AWS account", + "description": "Grants permission to set the default encryption configuration for the AWSaccount", "privilege": "PutDefaultEncryptionConfiguration", "resource_types": [ { @@ -93298,7 +93494,7 @@ }, { "access_level": "Write", - "description": "Grants permission to set logging options for the AWS account", + "description": "Grants permission to set logging options for the AWSaccount", "privilege": "PutLoggingOptions", "resource_types": [ { @@ -94385,7 +94581,7 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate an AWS account from a partner account", + "description": "Grants permission to disassociate an AWSaccount from a partner account", "privilege": "DisassociateAwsAccountFromPartnerAccount", "resource_types": [ { @@ -94637,7 +94833,7 @@ }, { "access_level": "List", - "description": "List information of available Destinations based on the AWS account.", + "description": "List information of available Destinations based on the AWSaccount.", "privilege": "ListDestinations", "resource_types": [ { @@ -94649,7 +94845,7 @@ }, { "access_level": "List", - "description": "Grants permission to list information of available DeviceProfiles based on the AWS account", + "description": "Grants permission to list information of available DeviceProfiles based on the AWSaccount", "privilege": "ListDeviceProfiles", "resource_types": [ { @@ -94673,7 +94869,7 @@ }, { "access_level": "List", - "description": "Grants permission to list information of available ServiceProfiles based on the AWS account", + "description": "Grants permission to list information of available ServiceProfiles based on the AWSaccount", "privilege": "ListServiceProfiles", "resource_types": [ { @@ -94727,7 +94923,7 @@ }, { "access_level": "List", - "description": "Grants permission to list information of available WirelessDevices based on the AWS account", + "description": "Grants permission to list information of available WirelessDevices based on the AWSaccount", "privilege": "ListWirelessDevices", "resource_types": [ { @@ -94739,7 +94935,7 @@ }, { "access_level": "List", - "description": "Grants permission to list information of available WirelessGateway task definitions based on the AWS account", + "description": "Grants permission to list information of available WirelessGateway task definitions based on the AWSaccount", "privilege": "ListWirelessGatewayTaskDefinitions", "resource_types": [ { @@ -94751,7 +94947,7 @@ }, { "access_level": "List", - "description": "Grants permission to list information of available WirelessGateways based on the AWS account", + "description": "Grants permission to list information of available WirelessGateways based on the AWSaccount", "privilege": "ListWirelessGateways", "resource_types": [ { @@ -96344,6 +96540,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "BatchGetDocumentStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grant permission to batch put document", @@ -97637,6 +97845,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeApplicationVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to discover the input schema for the application", @@ -97697,6 +97917,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "RollbackApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start the application", @@ -97903,6 +98135,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "DescribeApplicationVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Discovers the input schema for the application.", @@ -97963,6 +98207,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "RollbackApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Starts the application.", @@ -98524,7 +98780,7 @@ }, { "condition": "kms:CallerAccount", - "description": "Filters access to specified AWS KMS operations based on the AWS account ID of the caller. You can use this condition key to allow or deny access to all IAM users and roles in an AWS account in a single policy statement", + "description": "Filters access to specified AWS KMS operations based on the AWSaccount ID of the caller. You can use this condition key to allow or deny access to all IAM users and roles in an AWSaccount in a single policy statement", "type": "String" }, { @@ -100201,7 +100457,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about an account's limits and usage in an AWS Region", + "description": "Grants permission to view details about an account's limits and usage in an AWSRegion", "privilege": "GetAccountSettings", "resource_types": [ { @@ -103275,7 +103531,7 @@ }, { "access_level": "Write", - "description": "Copies a snapshot from one AWS Region to another in Amazon Lightsail", + "description": "Copies a snapshot from one AWSRegion to another in Amazon Lightsail", "privilege": "CopySnapshot", "resource_types": [ { @@ -103958,7 +104214,7 @@ }, { "access_level": "Write", - "description": "Downloads the default key pair used to authenticate and connect to instances in a specific AWS Region", + "description": "Downloads the default key pair used to authenticate and connect to instances in a specific AWSRegion", "privilege": "DownloadDefaultKeyPair", "resource_types": [ { @@ -104535,7 +104791,7 @@ }, { "access_level": "Read", - "description": "Returns a list of all valid AWS Regions for Amazon Lightsail", + "description": "Returns a list of all valid AWSRegions for Amazon Lightsail", "privilege": "GetRegions", "resource_types": [ { @@ -105466,7 +105722,7 @@ }, { "access_level": "List", - "description": "Returns all the destinations that are associated with the AWS account making the request", + "description": "Returns all the destinations that are associated with the AWSaccount making the request", "privilege": "DescribeDestinations", "resource_types": [ { @@ -105478,7 +105734,7 @@ }, { "access_level": "List", - "description": "Returns all the export tasks that are associated with the AWS account making the request", + "description": "Returns all the export tasks that are associated with the AWSaccount making the request", "privilege": "DescribeExportTasks", "resource_types": [ { @@ -105490,7 +105746,7 @@ }, { "access_level": "List", - "description": "Returns all the log groups that are associated with the AWS account making the request", + "description": "Returns all the log groups that are associated with the AWSaccount making the request", "privilege": "DescribeLogGroups", "resource_types": [ { @@ -107470,7 +107726,7 @@ "privileges": [ { "access_level": "Write", - "description": "Enables the user to associate a specified AWS account with Amazon Macie as a member account.", + "description": "Enables the user to associate a specified AWSaccount with Amazon Macie as a member account.", "privilege": "AssociateMemberAccount", "resource_types": [ { @@ -108520,7 +108776,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the invitations extended to the active AWS account from any Managed Blockchain network", + "description": "Grants permission to list the invitations extended to the active AWSaccount from any Managed Blockchain network", "privilege": "ListInvitations", "resource_types": [ { @@ -108544,7 +108800,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Amazon Managed Blockchain networks in which the current AWS account participates", + "description": "Grants permission to list the Amazon Managed Blockchain networks in which the current AWSaccount participates", "privilege": "ListNetworks", "resource_types": [ { @@ -108828,7 +109084,7 @@ } ], "resources": [], - "service_name": "AWS Marketplace Commerce Analytics Service" + "service_name": "AWSMarketplace Commerce Analytics Service" }, { "conditions": [], @@ -109456,7 +109712,7 @@ }, { "access_level": "List", - "description": "Grants permission to display a list of all offerings that are available to the account in the current AWS Region", + "description": "Grants permission to display a list of all offerings that are available to the account in the current AWSRegion", "privilege": "ListOfferings", "resource_types": [ { @@ -109468,7 +109724,7 @@ }, { "access_level": "List", - "description": "Grants permission to display a list of all reservations that have been purchased by the account in the current AWS Region", + "description": "Grants permission to display a list of all reservations that have been purchased by the account in the current AWSRegion", "privilege": "ListReservations", "resource_types": [ { @@ -111368,6 +111624,18 @@ ], "prefix": "mediapackage-vod", "privileges": [ + { + "access_level": "Unknown", + "description": "", + "privilege": "ConfigureLogs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an asset in AWS Elemental MediaPackage", @@ -119473,7 +119741,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS account that is automatically a member of the organization with the credentials that made the request.", + "description": "Grants permission to create an AWSaccount that is automatically a member of the organization with the credentials that made the request.", "privilege": "CreateAccount", "resource_types": [ { @@ -119540,7 +119808,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a policy that you can attach to a root, an organizational unit (OU), or an individual AWS account.", + "description": "Grants permission to create a policy that you can attach to a root, an organizational unit (OU), or an individual AWSaccount.", "privilege": "CreatePolicy", "resource_types": [ { @@ -119611,7 +119879,7 @@ }, { "access_level": "Write", - "description": "Grants permission to deregister the specified member AWS account as a delegated administrator for the AWS service that is specified by ServicePrincipal.", + "description": "Grants permission to deregister the specified member AWSaccount as a delegated administrator for the AWS service that is specified by ServicePrincipal.", "privilege": "DeregisterDelegatedAdministrator", "resource_types": [ { @@ -119840,7 +120108,7 @@ }, { "access_level": "Write", - "description": "Grants permission to send an invitation to another AWS account, asking it to join your organization as a member account.", + "description": "Grants permission to send an invitation to another AWSaccount, asking it to join your organization as a member account.", "privilege": "InviteAccountToOrganization", "resource_types": [ { @@ -120392,7 +120660,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Outposts for your AWS account", + "description": "Grants permission to list the Outposts for your AWSaccount", "privilege": "ListOutposts", "resource_types": [ { @@ -120404,7 +120672,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the sites for your AWS account", + "description": "Grants permission to list the sites for your AWSaccount", "privilege": "ListSites", "resource_types": [ { @@ -121842,7 +122110,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permissions to delete the specified pronunciation lexicon stored in an AWS Region", + "description": "Grants permissions to delete the specified pronunciation lexicon stored in an AWSRegion", "privilege": "DeleteLexicon", "resource_types": [ { @@ -121866,7 +122134,7 @@ }, { "access_level": "Read", - "description": "Grants permissions to retrieve the content of the specified pronunciation lexicon stored in an AWS Region", + "description": "Grants permissions to retrieve the content of the specified pronunciation lexicon stored in an AWSRegion", "privilege": "GetLexicon", "resource_types": [ { @@ -121890,7 +122158,7 @@ }, { "access_level": "List", - "description": "Grants permisions to list the pronunciation lexicons stored in an AWS Region", + "description": "Grants permisions to list the pronunciation lexicons stored in an AWSRegion", "privilege": "ListLexicons", "resource_types": [ { @@ -121914,7 +122182,7 @@ }, { "access_level": "Write", - "description": "Grants permissions to store a pronunciation lexicon in an AWS Region", + "description": "Grants permissions to store a pronunciation lexicon in an AWSRegion", "privilege": "PutLexicon", "resource_types": [ { @@ -122309,6 +122577,18 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "MergeProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put a integration in a domain", @@ -122484,42 +122764,85 @@ "condition": "aws:TagKeys", "description": "Filters actions based on the presence of tag keys in the request", "type": "String" + }, + { + "condition": "proton:EnvironmentTemplate", + "description": "Filters actions based on specified environment template related to resource", + "type": "String" + }, + { + "condition": "proton:ServiceTemplate", + "description": "Filters actions based on specified service template related to resource", + "type": "String" } ], "prefix": "proton", "privileges": [ { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to reject an environment account connection request from another environment account.", + "privilege": "AcceptEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-account-connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel an environment deployment", "privilege": "CancelEnvironmentDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "proton:EnvironmentTemplate" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to cancel a service instance deployment", "privilege": "CancelServiceInstanceDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "service-instance*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to cancel a service pipeline deployment", "privilege": "CancelServicePipelineDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], "resource_type": "" } ] @@ -122539,13 +122862,26 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "proton:EnvironmentTemplate" ], "dependent_actions": [], "resource_type": "" } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an environment account connection", + "privilege": "CreateEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an environment template", @@ -122568,7 +122904,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an environment template major version", + "description": "DEPRECATED - use CreateEnvironmentTemplateVersion instead", "privilege": "CreateEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -122588,7 +122924,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an environment template minor version", + "description": "DEPRECATED - use CreateEnvironmentTemplateVersion instead", "privilege": "CreateEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -122606,6 +122942,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an environment template version", + "privilege": "CreateEnvironmentTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a service", @@ -122621,7 +122977,8 @@ { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "proton:ServiceTemplate" ], "dependent_actions": [], "resource_type": "" @@ -122650,7 +123007,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a service template major version", + "description": "DEPRECATED - use CreateServiceTemplateVersion instead", "privilege": "CreateServiceTemplateMajorVersion", "resource_types": [ { @@ -122670,7 +123027,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a service template minor version", + "description": "DEPRECATED - use CreateServiceTemplateVersion instead", "privilege": "CreateServiceTemplateMinorVersion", "resource_types": [ { @@ -122690,7 +123047,27 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the account role settings", + "description": "Grants permission to create a service template version", + "privilege": "CreateServiceTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "DEPRECATED - use UpdateAccountSettings instead", "privilege": "DeleteAccountRoles", "resource_types": [ { @@ -122709,6 +123086,25 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "environment*" + }, + { + "condition_keys": [ + "proton:EnvironmentTemplate" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an environment account connection", + "privilege": "DeleteEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-account-connection*" } ] }, @@ -122726,7 +123122,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment template major version", + "description": "DEPRECATED - use DeleteEnvironmentTemplateVersion instead", "privilege": "DeleteEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -122738,7 +123134,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment template minor version", + "description": "DEPRECATED - use DeleteEnvironmentTemplateVersion instead", "privilege": "DeleteEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -122749,14 +123145,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete an environment template version", "privilege": "DeleteEnvironmentTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-template*" } ] }, @@ -122769,6 +123165,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "service*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -122786,7 +123189,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a service template major version", + "description": "DEPRECATED - use DeleteServiceTemplateVersion instead", "privilege": "DeleteServiceTemplateMajorVersion", "resource_types": [ { @@ -122798,7 +123201,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a service template minor version", + "description": "DEPRECATED - use DeleteServiceTemplateVersion instead", "privilege": "DeleteServiceTemplateMinorVersion", "resource_types": [ { @@ -122809,20 +123212,20 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to delete a service template version", "privilege": "DeleteServiceTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-template*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the account role settings", + "description": "DEPRECATED - use GetAccountSettings instead", "privilege": "GetAccountRoles", "resource_types": [ { @@ -122833,8 +123236,8 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe the account settings", "privilege": "GetAccountSettings", "resource_types": [ { @@ -122856,6 +123259,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe an environment account connection", + "privilege": "GetEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-account-connection*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe an environment template", @@ -122870,7 +123285,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe an environment template major version", + "description": "DEPRECATED - use GetEnvironmentTemplateVersion instead", "privilege": "GetEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -122882,7 +123297,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe an environment template minor version", + "description": "DEPRECATED - use GetEnvironmentTemplateVersion instead", "privilege": "GetEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -122893,14 +123308,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe an environment template version", "privilege": "GetEnvironmentTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-template*" } ] }, @@ -122942,7 +123357,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe a service template major version", + "description": "DEPRECATED - use GetServiceTemplateVersion instead", "privilege": "GetServiceTemplateMajorVersion", "resource_types": [ { @@ -122954,7 +123369,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe a service template minor version", + "description": "DEPRECATED - use GetServiceTemplateVersion instead", "privilege": "GetServiceTemplateMinorVersion", "resource_types": [ { @@ -122965,32 +123380,32 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Read", + "description": "Grants permission to describe a service template version", "privilege": "GetServiceTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-template*" } ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list environment account connections", "privilege": "ListEnvironmentAccountConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-account-connection*" } ] }, { "access_level": "List", - "description": "Grants permission to list environment template major versions", + "description": "DEPRECATED - use ListEnvironmentTemplateVersions instead", "privilege": "ListEnvironmentTemplateMajorVersions", "resource_types": [ { @@ -123002,7 +123417,7 @@ }, { "access_level": "List", - "description": "Grants permission to list environment template minor versions", + "description": "DEPRECATED - use ListEnvironmentTemplateVersions instead", "privilege": "ListEnvironmentTemplateMinorVersions", "resource_types": [ { @@ -123013,14 +123428,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list environment template versions", "privilege": "ListEnvironmentTemplateVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-template*" } ] }, @@ -123062,7 +123477,7 @@ }, { "access_level": "List", - "description": "Grants permission to list service template major versions", + "description": "DEPRECATED - use ListServiceTemplateVersions instead", "privilege": "ListServiceTemplateMajorVersions", "resource_types": [ { @@ -123074,7 +123489,7 @@ }, { "access_level": "List", - "description": "Grants permission to list service template minor versions", + "description": "DEPRECATED - use ListServiceTemplateVersions instead", "privilege": "ListServiceTemplateMinorVersions", "resource_types": [ { @@ -123085,14 +123500,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "List", + "description": "Grants permission to list service template versions", "privilege": "ListServiceTemplateVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-template*" } ] }, @@ -123145,6 +123560,11 @@ "dependent_actions": [], "resource_type": "environment-template-minor-version" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template-version" + }, { "condition_keys": [], "dependent_actions": [], @@ -123169,6 +123589,23 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "service-template-minor-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-version" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject an environment account connection request from another environment account.", + "privilege": "RejectEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-account-connection*" } ] }, @@ -123197,6 +123634,11 @@ "dependent_actions": [], "resource_type": "environment-template-minor-version" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template-version" + }, { "condition_keys": [], "dependent_actions": [], @@ -123222,6 +123664,11 @@ "dependent_actions": [], "resource_type": "service-template-minor-version" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-version" + }, { "condition_keys": [ "aws:TagKeys", @@ -123257,6 +123704,11 @@ "dependent_actions": [], "resource_type": "environment-template-minor-version" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template-version" + }, { "condition_keys": [], "dependent_actions": [], @@ -123282,6 +123734,11 @@ "dependent_actions": [], "resource_type": "service-template-minor-version" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-version" + }, { "condition_keys": [ "aws:TagKeys" @@ -123293,7 +123750,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the account role settings", + "description": "DEPRECATED - use UpdateAccountSettings instead", "privilege": "UpdateAccountRoles", "resource_types": [ { @@ -123306,13 +123763,15 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update the account settings", "privilege": "UpdateAccountSettings", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] @@ -123328,6 +123787,25 @@ "iam:PassRole" ], "resource_type": "environment*" + }, + { + "condition_keys": [ + "proton:EnvironmentTemplate" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an environment account connection", + "privilege": "UpdateEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-account-connection*" } ] }, @@ -123345,7 +123823,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update an environment template major version", + "description": "DEPRECATED - use UpdateEnvironmentTemplateVersion instead", "privilege": "UpdateEnvironmentTemplateMajorVersion", "resource_types": [ { @@ -123357,7 +123835,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update an environment template minor version", + "description": "DEPRECATED - use UpdateEnvironmentTemplateVersion instead", "privilege": "UpdateEnvironmentTemplateMinorVersion", "resource_types": [ { @@ -123368,14 +123846,14 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update an environment template version", "privilege": "UpdateEnvironmentTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-template*" } ] }, @@ -123388,6 +123866,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "service*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -123400,6 +123885,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "service-instance*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -123412,6 +123904,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "service*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -123429,7 +123928,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update a service template major version", + "description": "DEPRECATED - use UpdateServiceTemplateVersion instead", "privilege": "UpdateServiceTemplateMajorVersion", "resource_types": [ { @@ -123441,7 +123940,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update a service template minor version", + "description": "DEPRECATED - use UpdateServiceTemplateVersion instead", "privilege": "UpdateServiceTemplateMinorVersion", "resource_types": [ { @@ -123452,26 +123951,33 @@ ] }, { - "access_level": "Unknown", - "description": "", + "access_level": "Write", + "description": "Grants permission to update a service template version", "privilege": "UpdateServiceTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-template*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}", + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "environment-template" }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersion}.${MinorVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment-template-version" + }, { "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersionId}", "condition_keys": [ @@ -123487,12 +123993,19 @@ "resource": "environment-template-minor-version" }, { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}", + "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "service-template" }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersion}.${MinorVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service-template-version" + }, { "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersionId}", "condition_keys": [ @@ -123508,25 +124021,30 @@ "resource": "service-template-minor-version" }, { - "arn": "arn:${Partition}:proton:${Region}:${Account}:environment/${EnvironmentName}", + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "environment" }, { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${ServiceName}", + "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "service" }, { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${ServiceName}/service-instance/${ServiceInstanceName}", + "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${ServiceName}/service-instance/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "service-instance" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-account-connection/${Id}", + "condition_keys": [], + "resource": "environment-account-connection" } ], "service_name": "AWS Proton" @@ -124142,6 +124660,16 @@ "description": "Filters access by tag keys", "type": "String" }, + { + "condition": "quicksight:DirectoryType", + "description": "Filters access based on the user management options", + "type": "String" + }, + { + "condition": "quicksight:Edition", + "description": "Filters access based on the edition of QuickSight", + "type": "String" + }, { "condition": "quicksight:IamArn", "description": "Filters access by IAM user or role ARN", @@ -125516,7 +126044,10 @@ "privilege": "Subscribe", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "quicksight:Edition", + "quicksight:DirectoryType" + ], "dependent_actions": [], "resource_type": "" } @@ -125961,14 +126492,14 @@ "resource": "assignment" }, { - "arn": "arn:${Partition}:quicksight::${Account}:customization/${ResourceId}", + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:customization/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "customization" }, { - "arn": "arn:${Partition}:quicksight::${Account}:namespace/${ResourceId}", + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:namespace/${ResourceId}", "condition_keys": [], "resource": "namespace" } @@ -127537,7 +128068,7 @@ }, { "access_level": "List", - "description": "Lists the set of CA certificates provided by Amazon RDS for this AWS account", + "description": "Lists the set of CA certificates provided by Amazon RDS for this AWSaccount", "privilege": "DescribeCertificates", "resource_types": [ { @@ -128016,7 +128547,7 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of the source AWS Regions where the current AWS Region can create a Read Replica or copy a DB snapshot from", + "description": "Grants permission to return a list of the source AWSRegions where the current AWSRegion can create a Read Replica or copy a DB snapshot from", "privilege": "DescribeSourceRegions", "resource_types": [ { @@ -128852,7 +129383,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start replication of automated backups to a different AWS Region", + "description": "Grants permission to start replication of automated backups to a different AWSRegion", "privilege": "StartDBInstanceAutomatedBackupsReplication", "resource_types": [ { @@ -129331,7 +129862,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to the specified AWS account to restore a snapshot", + "description": "Grants permission to the specified AWSaccount to restore a snapshot", "privilege": "AuthorizeSnapshotAccess", "resource_types": [ { @@ -129630,7 +130161,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination AWS Region", + "description": "Grants permission to create a snapshot copy grant and encrypt copied snapshots in a destination AWSRegion", "privilege": "CreateSnapshotCopyGrant", "resource_types": [ { @@ -130059,7 +130590,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe attributes attached to the specified AWS account", + "description": "Grants permission to describe attributes attached to the specified AWSaccount", "privilege": "DescribeAccountAttributes", "resource_types": [ { @@ -130227,7 +130758,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe Amazon Redshift event notification subscriptions for the specified AWS account", + "description": "Grants permission to describe Amazon Redshift event notification subscriptions for the specified AWSaccount", "privilege": "DescribeEventSubscriptions", "resource_types": [ { @@ -130395,7 +130926,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe snapshot copy grants owned by the specified AWS account in the destination AWS Region", + "description": "Grants permission to describe snapshot copy grants owned by the specified AWSaccount in the destination AWSRegion", "privilege": "DescribeSnapshotCopyGrants", "resource_types": [ { @@ -130626,7 +131157,7 @@ }, { "access_level": "Write", - "description": "Grants permission to get temporary credentials to access an Amazon Redshift database by the specified AWS account", + "description": "Grants permission to get temporary credentials to access an Amazon Redshift database by the specified AWSaccount", "privilege": "GetClusterCredentials", "resource_types": [ { @@ -130885,7 +131416,7 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the number of days to retain snapshots in the destination AWS Region after they are copied from the source AWS Region", + "description": "Grants permission to modify the number of days to retain snapshots in the destination AWSRegion after they are copied from the source AWSRegion", "privilege": "ModifySnapshotCopyRetentionPeriod", "resource_types": [ { @@ -131056,7 +131587,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to revoke access from the specified AWS account to restore a snapshot", + "description": "Grants permission to revoke access from the specified AWSaccount to restore a snapshot", "privilege": "RevokeSnapshotAccess", "resource_types": [ { @@ -132085,7 +132616,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve the identifiers of the resources in the AWS account", + "description": "Grants permission to retrieve the identifiers of the resources in the AWSaccount", "privilege": "ListResources", "resource_types": [ { @@ -133564,7 +134095,7 @@ }, { "access_level": "Write", - "description": "Grants permission to authorize the AWS account that created a specified VPC to submit an AssociateVPCWithHostedZone request, which associates the VPC with a specified hosted zone that was created by a different account", + "description": "Grants permission to authorize the AWSaccount that created a specified VPC to submit an AssociateVPCWithHostedZone request, which associates the VPC with a specified hosted zone that was created by a different account", "privilege": "CreateVPCAssociationAuthorization", "resource_types": [ { @@ -133799,7 +134330,7 @@ }, { "access_level": "List", - "description": "Grants permission to get the number of health checks that are associated with the current AWS account", + "description": "Grants permission to get the number of health checks that are associated with the current AWSaccount", "privilege": "GetHealthCheckCount", "resource_types": [ { @@ -133847,7 +134378,7 @@ }, { "access_level": "List", - "description": "Grants permission to get the number of hosted zones that are associated with the current AWS account", + "description": "Grants permission to get the number of hosted zones that are associated with the current AWSaccount", "privilege": "GetHostedZoneCount", "resource_types": [ { @@ -133931,7 +134462,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get the number of traffic policy instances that are associated with the current AWS account", + "description": "Grants permission to get the number of traffic policy instances that are associated with the current AWSaccount", "privilege": "GetTrafficPolicyInstanceCount", "resource_types": [ { @@ -133955,7 +134486,7 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of the health checks that are associated with the current AWS account", + "description": "Grants permission to get a list of the health checks that are associated with the current AWSaccount", "privilege": "ListHealthChecks", "resource_types": [ { @@ -133967,7 +134498,7 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of the public and private hosted zones that are associated with the current AWS account", + "description": "Grants permission to get a list of the public and private hosted zones that are associated with the current AWSaccount", "privilege": "ListHostedZones", "resource_types": [ { @@ -134005,7 +134536,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the configurations for DNS query logging that are associated with the current AWS account or the configuration that is associated with a specified hosted zone.", + "description": "Grants permission to list the configurations for DNS query logging that are associated with the current AWSaccount or the configuration that is associated with a specified hosted zone.", "privilege": "ListQueryLoggingConfigs", "resource_types": [ { @@ -134029,7 +134560,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the reusable delegation sets that are associated with the current AWS account.", + "description": "Grants permission to list the reusable delegation sets that are associated with the current AWSaccount.", "privilege": "ListReusableDelegationSets", "resource_types": [ { @@ -134075,7 +134606,7 @@ }, { "access_level": "List", - "description": "Grants permission to get information about the latest version for every traffic policy that is associated with the current AWS account. Policies are listed in the order in which they were created.", + "description": "Grants permission to get information about the latest version for every traffic policy that is associated with the current AWSaccount. Policies are listed in the order in which they were created.", "privilege": "ListTrafficPolicies", "resource_types": [ { @@ -134087,7 +134618,7 @@ }, { "access_level": "List", - "description": "Grants permission to get information about the traffic policy instances that you created by using the current AWS account", + "description": "Grants permission to get information about the traffic policy instances that you created by using the current AWSaccount", "privilege": "ListTrafficPolicyInstances", "resource_types": [ { @@ -134256,7 +134787,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept the transfer of a domain from another AWS account to the current AWS account", + "description": "Grants permission to accept the transfer of a domain from another AWSaccount to the current AWSaccount", "privilege": "AcceptDomainTransferFromAnotherAwsAccount", "resource_types": [ { @@ -134268,7 +134799,7 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel the transfer of a domain from the current AWS account to another AWS account", + "description": "Grants permission to cancel the transfer of a domain from the current AWSaccount to another AWSaccount", "privilege": "CancelDomainTransferToAnotherAwsAccount", "resource_types": [ { @@ -134412,7 +134943,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the domain names registered with Amazon Route 53 for the current AWS account", + "description": "Grants permission to list all the domain names registered with Amazon Route 53 for the current AWSaccount", "privilege": "ListDomains", "resource_types": [ { @@ -134460,7 +134991,7 @@ }, { "access_level": "Write", - "description": "Grants permission to reject the transfer of a domain from another AWS account to the current AWS account", + "description": "Grants permission to reject the transfer of a domain from another AWSaccount to the current AWSaccount", "privilege": "RejectDomainTransferFromAnotherAwsAccount", "resource_types": [ { @@ -134520,7 +135051,7 @@ }, { "access_level": "Write", - "description": "Grants permission to transfer a domain from the current AWS account to another AWS account", + "description": "Grants permission to transfer a domain from the current AWSaccount to another AWSaccount", "privilege": "TransferDomainToAnotherAwsAccount", "resource_types": [ { @@ -134580,7 +135111,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get all the domain-related billing records for the current AWS account for a specified period", + "description": "Grants permission to get all the domain-related billing records for the current AWSaccount for a specified period", "privilege": "ViewBilling", "resource_types": [ { @@ -134908,7 +135439,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a specified Firewall rule group policy, which specifies the Firewall rule group operations and resources that you want to allow another AWS account to use", + "description": "Grants permission to get information about a specified Firewall rule group policy, which specifies the Firewall rule group operations and resources that you want to allow another AWSaccount to use", "privilege": "GetFirewallRuleGroupPolicy", "resource_types": [ { @@ -134968,7 +135499,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a specified Resolver query logging policy, which specifies the Resolver query logging operations and resources that you want to allow another AWS account to use", + "description": "Grants permission to get information about a specified Resolver query logging policy, which specifies the Resolver query logging operations and resources that you want to allow another AWSaccount to use", "privilege": "GetResolverQueryLogConfigPolicy", "resource_types": [ { @@ -135004,7 +135535,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a Resolver rule policy, which specifies the Resolver operations and resources that you want to allow another AWS account to use", + "description": "Grants permission to get information about a Resolver rule policy, which specifies the Resolver operations and resources that you want to allow another AWSaccount to use", "privilege": "GetResolverRulePolicy", "resource_types": [ { @@ -135028,7 +135559,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the Firewall config that current AWS account is able to check", + "description": "Grants permission to list all the Firewall config that current AWSaccount is able to check", "privilege": "ListFirewallConfigs", "resource_types": [ { @@ -135042,7 +135573,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the Firewall domain list that current AWS account is able to use", + "description": "Grants permission to list all the Firewall domain list that current AWSaccount is able to use", "privilege": "ListFirewallDomainLists", "resource_types": [ { @@ -135078,7 +135609,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the Firewall rule group that current AWS account is able to use", + "description": "Grants permission to list all the Firewall rule group that current AWSaccount is able to use", "privilege": "ListFirewallRuleGroups", "resource_types": [ { @@ -135126,7 +135657,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the Resolver endpoints that were created using the current AWS account", + "description": "Grants permission to list all the Resolver endpoints that were created using the current AWSaccount", "privilege": "ListResolverEndpoints", "resource_types": [ { @@ -135162,7 +135693,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the associations that were created between Resolver rules and VPCs using the current AWS account", + "description": "Grants permission to list the associations that were created between Resolver rules and VPCs using the current AWSaccount", "privilege": "ListResolverRuleAssociations", "resource_types": [ { @@ -135174,7 +135705,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the Resolver rules that were created using the current AWS account", + "description": "Grants permission to list the Resolver rules that were created using the current AWSaccount", "privilege": "ListResolverRules", "resource_types": [ { @@ -135203,7 +135734,7 @@ }, { "access_level": "Write", - "description": "Grants permission to specify an AWS account that you want to share a Firewall rule group with, the Firewall rule group that you want to share, and the operations that you want the account to be able to perform on the configuration", + "description": "Grants permission to specify an AWSaccount that you want to share a Firewall rule group with, the Firewall rule group that you want to share, and the operations that you want the account to be able to perform on the configuration", "privilege": "PutFirewallRuleGroupPolicy", "resource_types": [ { @@ -135215,7 +135746,7 @@ }, { "access_level": "Write", - "description": "Grants permission to specify an AWS account that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration", + "description": "Grants permission to specify an AWSaccount that you want to share a query logging configuration with, the query logging configuration that you want to share, and the operations that you want the account to be able to perform on the configuration", "privilege": "PutResolverQueryLogConfigPolicy", "resource_types": [ { @@ -135227,7 +135758,7 @@ }, { "access_level": "Write", - "description": "Grants permission to specify an AWS account that you want to share rules with, the Resolver rules that you want to share, and the operations that you want the account to be able to perform on those rules", + "description": "Grants permission to specify an AWSaccount that you want to share rules with, the Resolver rules that you want to share, and the operations that you want the account to be able to perform on those rules", "privilege": "PutResolverRulePolicy", "resource_types": [ { @@ -135497,7 +136028,7 @@ }, { "condition": "s3:ResourceAccount", - "description": "Filters access by the resource owner AWS account ID", + "description": "Filters access by the resource owner AWSaccount ID", "type": "String" }, { @@ -136446,7 +136977,7 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the PublicAccessBlock configuration for an AWS account", + "description": "Grants permission to retrieve the PublicAccessBlock configuration for an AWSaccount", "privilege": "GetAccountPublicAccessBlock", "resource_types": [ { @@ -137689,7 +138220,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to create or modify the PublicAccessBlock configuration for an AWS account", + "description": "Grants permission to create or modify the PublicAccessBlock configuration for an AWSaccount", "privilege": "PutAccountPublicAccessBlock", "resource_types": [ { @@ -143292,7 +143823,7 @@ }, { "access_level": "List", - "description": "Returns a list of the Amazon SageMaker notebook instances in the requester's account in an AWS Region.", + "description": "Returns a list of the Amazon SageMaker notebook instances in the requester's account in an AWSRegion.", "privilege": "ListNotebookInstances", "resource_types": [ { @@ -145447,7 +145978,7 @@ }, { "condition": "secretsmanager:BlockPublicPolicy", - "description": "Filters access by whether the resource policy blocks broad AWS account access.", + "description": "Filters access by whether the resource policy blocks broad AWSaccount access.", "type": "Boolean" }, { @@ -147274,7 +147805,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to share a portfolio you own with another AWS account", + "description": "Grants permission to share a portfolio you own with another AWSaccount", "privilege": "CreatePortfolioShare", "resource_types": [ { @@ -147402,7 +147933,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to unshare a portfolio you own from an AWS account you previously shared the portfolio with", + "description": "Grants permission to unshare a portfolio you own from an AWSaccount you previously shared the portfolio with", "privilege": "DeletePortfolioShare", "resource_types": [ { @@ -148853,6 +149384,30 @@ } ] }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdatePrivateDnsNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Unknown", + "description": "", + "privilege": "UpdatePublicDnsNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the settings in a specified service", @@ -148882,7 +149437,7 @@ "resource": "service" } ], - "service_name": "AWS Cloud Map" + "service_name": "AWSCloud Map" }, { "conditions": [ @@ -152364,7 +152919,7 @@ }, { "access_level": "Write", - "description": "Grants permission to authorize the DDoS Response team using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks", + "description": "Grants permission to authorize the DDoS Response team using the specified role, to access your AWSaccount to assist with DDoS attack mitigation during potential attacks", "privilege": "AssociateDRTRole", "resource_types": [ { @@ -152529,7 +153084,7 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the current role and list of Amazon S3 log buckets used by the DDoS Response team to access your AWS account while assisting with attack mitigation", + "description": "Grants permission to describe the current role and list of Amazon S3 log buckets used by the DDoS Response team to access your AWSaccount while assisting with attack mitigation", "privilege": "DescribeDRTAccess", "resource_types": [ { @@ -152631,7 +153186,7 @@ }, { "access_level": "Write", - "description": "Grants permission to remove the DDoS Response team's access to your AWS account", + "description": "Grants permission to remove the DDoS Response team's access to your AWSaccount", "privilege": "DisassociateDRTRole", "resource_types": [ { @@ -153700,7 +154255,7 @@ }, { "access_level": "Read", - "description": "Return a list of configuration sets. This operation only returns the configuration sets that are associated with your account in the current AWS Region.", + "description": "Return a list of configuration sets. This operation only returns the configuration sets that are associated with your account in the current AWSRegion.", "privilege": "ListConfigurationSets", "resource_types": [ { @@ -153962,7 +154517,7 @@ }, { "access_level": "List", - "description": "This action returns a list of the different Amazon EC2 Amazon Machine Images (AMIs) that are owned by your AWS account that would be supported for use on a Snow device.", + "description": "This action returns a list of the different Amazon EC2 Amazon Machine Images (AMIs) that are owned by your AWSaccount that would be supported for use on a Snow device.", "privilege": "ListCompatibleImages", "resource_types": [ { @@ -154137,7 +154692,7 @@ }, { "access_level": "Write", - "description": "Grants permission to add a destination phone number and send a one-time password (OTP) to that phone number for an AWS account", + "description": "Grants permission to add a destination phone number and send a one-time password (OTP) to that phone number for an AWSaccount", "privilege": "CreateSMSSandboxPhoneNumber", "resource_types": [ { @@ -154187,7 +154742,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an AWS account's verified or pending phone number", + "description": "Grants permission to delete an AWSaccount's verified or pending phone number", "privilege": "DeleteSMSSandboxPhoneNumber", "resource_types": [ { @@ -154563,7 +155118,7 @@ }, { "access_level": "Write", - "description": "Grants permission to verify a destination phone number with a one-time password (OTP) for an AWS account", + "description": "Grants permission to verify a destination phone number with a one-time password (OTP) for an AWSaccount", "privilege": "VerifySMSSandboxPhoneNumber", "resource_types": [ { @@ -156480,7 +157035,7 @@ }, { "access_level": "Write", - "description": "Grants permission to reset the service setting for an AWS account to the default value", + "description": "Grants permission to reset the service setting for an AWSaccount to the default value", "privilege": "ResetServiceSetting", "resource_types": [ { @@ -156863,7 +157418,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update the service setting for an AWS account", + "description": "Grants permission to update the service setting for an AWSaccount", "privilege": "UpdateServiceSetting", "resource_types": [ { @@ -157931,7 +158486,7 @@ }, { "access_level": "Write", - "description": "Grants permission to assign access to a Principal for a specified AWS account using a specified permission set.", + "description": "Grants permission to assign access to a Principal for a specified AWSaccount using a specified permission set.", "privilege": "CreateAccountAssignment", "resource_types": [ { @@ -158045,7 +158600,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a Principal's access from a specified AWS account using a specified permission set.", + "description": "Grants permission to delete a Principal's access from a specified AWSaccount using a specified permission set.", "privilege": "DeleteAccountAssignment", "resource_types": [ { @@ -158468,7 +159023,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the status of the AWS account assignment creation requests for a specified SSO instance.", + "description": "Grants permission to list the status of the AWSaccount assignment creation requests for a specified SSO instance.", "privilege": "ListAccountAssignmentCreationStatus", "resource_types": [ { @@ -158480,7 +159035,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the status of the AWS account assignment deletion requests for a specified SSO instance.", + "description": "Grants permission to list the status of the AWSaccount assignment deletion requests for a specified SSO instance.", "privilege": "ListAccountAssignmentDeletionStatus", "resource_types": [ { @@ -158492,7 +159047,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the assignee of the specified AWS account with the specified permission set.", + "description": "Grants permission to list the assignee of the specified AWSaccount with the specified permission set.", "privilege": "ListAccountAssignments", "resource_types": [ { @@ -158648,7 +159203,7 @@ }, { "access_level": "List", - "description": "Grants permission to list all the permission sets that are provisioned to a specified AWS account.", + "description": "Grants permission to list all the permission sets that are provisioned to a specified AWSaccount.", "privilege": "ListPermissionSetsProvisionedToAccount", "resource_types": [ { @@ -160894,7 +161449,7 @@ }, { "access_level": "List", - "description": "Grants permission to list gateways owned by an AWS account in a region specified in the request. The returned list is ordered by gateway Amazon Resource Name (ARN)", + "description": "Grants permission to list gateways owned by an AWSaccount in a region specified in the request. The returned list is ordered by gateway Amazon Resource Name (ARN)", "privilege": "ListGateways", "resource_types": [ { @@ -160945,7 +161500,7 @@ }, { "access_level": "List", - "description": "Grants permission to list tape pools owned by your AWS account", + "description": "Grants permission to list tape pools owned by your AWSaccount", "privilege": "ListTapePools", "resource_types": [ { @@ -161855,7 +162410,7 @@ }, { "access_level": "Read", - "description": "Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWS account or IAM user", + "description": "Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for an AWSaccount or IAM user", "privilege": "GetSessionToken", "resource_types": [ { @@ -164855,7 +165410,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view if the AWS account has enabled or disabled AWS Trusted Advisor", + "description": "Grants permission to view if the AWSaccount has enabled or disabled AWS Trusted Advisor", "privilege": "DescribeAccountAccess", "resource_types": [ { @@ -164915,7 +165470,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view the notification preferences for the AWS account", + "description": "Grants permission to view the notification preferences for the AWSaccount", "privilege": "DescribeNotificationPreferences", "resource_types": [ { @@ -164927,7 +165482,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view if the AWS account meets the requirements to enable the organizational view feature", + "description": "Grants permission to view if the AWSaccount meets the requirements to enable the organizational view feature", "privilege": "DescribeOrganization", "resource_types": [ { @@ -164963,7 +165518,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view information about organizational view reports, such as the AWS Regions, check categories, check names, and resource statuses", + "description": "Grants permission to view information about organizational view reports, such as the AWSRegions, check categories, check names, and resource statuses", "privilege": "DescribeServiceMetadata", "resource_types": [ { diff --git a/iamlivecore/map.json b/iamlivecore/map.json index d686b75..1dd7d12 100644 --- a/iamlivecore/map.json +++ b/iamlivecore/map.json @@ -3456,12 +3456,13 @@ "S3Control.CreateJob": [ { "action": "s3:CreateJob", - "undocumented": true + "resource_mappings": {} }, { "action": "iam:PassRole", - "arn_override": { - "template": "${CreateJobRequest.RoleArn}" + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${RoleArn}" } } ], @@ -23679,16 +23680,6 @@ } } ], - "EMR.AddInstanceFleet": [ - { - "action": "elasticmapreduce:AddInstanceFleet" - } - ], - "EMR.AddInstanceGroups": [ - { - "action": "elasticmapreduce:AddInstanceGroups" - } - ], "EMR.AddJobFlowSteps": [ { "action": "elasticmapreduce:AddJobFlowSteps", @@ -23867,7 +23858,12 @@ ], "EMR.ModifyInstanceGroups": [ { - "action": "elasticmapreduce:ModifyInstanceGroups" + "action": "elasticmapreduce:ModifyInstanceGroups", + "resource_mappings": { + "ClusterId": { + "template": "${ClusterId}" + } + } } ], "EMR.PutAutoScalingPolicy": [ @@ -49853,22 +49849,12 @@ "resource_mappings": {} } ], - "CostExplorer.CreateAnomalyMonitor": [ - { - "action": "ce:CreateAnomalyMonitor" - } - ], "CostExplorer.CreateAnomalySubscription": [ { "action": "ce:CreateAnomalySubscription", "resource_mappings": {} } ], - "CostExplorer.CreateCostCategoryDefinition": [ - { - "action": "ce:CreateCostCategoryDefinition" - } - ], "CostExplorer.DeleteAnomalyMonitor": [ { "action": "ce:DeleteAnomalyMonitor", @@ -49937,7 +49923,8 @@ ], "CostExplorer.UpdateCostCategoryDefinition": [ { - "action": "ce:UpdateCostCategoryDefinition" + "action": "ce:UpdateCostCategoryDefinition", + "resource_mappings": {} } ], "MediaConvert.AssociateCertificate": [ @@ -93777,28 +93764,6 @@ } } }, - { - "action": "lex:DeleteResourcePolicy", - "resource_mappings": { - "BotId": { - "template": "" - }, - "BotAliasId": { - "template": "" - } - } - }, - { - "action": "lex:DescribeBotAlias", - "resource_mappings": { - "BotId": { - "template": "" - }, - "BotAliasId": { - "template": "" - } - } - }, { "action": "lex:GetBot", "resource_mappings": { @@ -94484,18 +94449,20 @@ "CloudFront.AssociateAlias": [ { "action": "cloudfront:AssociateAlias", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudfront::${Account}:distribution/${TargetDistributionId}" + "resource_mappings": { + "DistributionId": { + "template": "${TargetDistributionId}" + } } } ], "CloudFront.ListConflictingAliases": [ { "action": "cloudfront:ListConflictingAliases", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:cloudfront::${Account}:distribution/${DistributionId}" + "resource_mappings": { + "DistributionId": { + "template": "${DistributionId}" + } } } ], @@ -94640,117 +94607,142 @@ "Proton.CancelEnvironmentDeployment": [ { "action": "proton:CancelEnvironmentDeployment", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:environment/${environmentName}" + "resource_mappings": { + "Name": { + "template": "${environmentName}" + } } } ], "Proton.CancelServiceInstanceDeployment": [ { "action": "proton:CancelServiceInstanceDeployment", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}/service-instance/${serviceInstanceName}" + "resource_mappings": { + "ServiceName": { + "template": "${serviceName}" + }, + "Name": { + "template": "${serviceInstanceName}" + } } } ], "Proton.CancelServicePipelineDeployment": [ { "action": "proton:CancelServicePipelineDeployment", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:service/${serviceName}" + "resource_mappings": { + "Name": { + "template": "${serviceName}" + } } } ], "Proton.DeleteEnvironmentTemplateVersion": [ { "action": "proton:DeleteEnvironmentTemplateVersion", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], "Proton.DeleteServiceTemplateVersion": [ { "action": "proton:DeleteServiceTemplateVersion", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], "Proton.GetAccountSettings": [ { "action": "proton:GetAccountSettings", - "undocumented": true + "resource_mappings": {} } ], "Proton.GetEnvironmentTemplateVersion": [ { "action": "proton:GetEnvironmentTemplateVersion", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], "Proton.GetServiceTemplateVersion": [ { "action": "proton:GetServiceTemplateVersion", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], "Proton.ListEnvironmentAccountConnections": [ { "action": "proton:ListEnvironmentAccountConnections", - "undocumented": true + "resource_mappings": { + "Id": { + "template": "*" + } + } } ], "Proton.ListEnvironmentTemplateVersions": [ { "action": "proton:ListEnvironmentTemplateVersions", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], "Proton.ListServiceTemplateVersions": [ { "action": "proton:ListServiceTemplateVersions", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], "Proton.UpdateAccountSettings": [ { "action": "proton:UpdateAccountSettings", - "undocumented": true + "resource_mappings": {} + }, + { + "action": "iam:PassRole", + "resource_mappings": {}, + "resourcearn_mappings": { + "role": "${pipelineServiceRoleArn}" + } } ], "Proton.UpdateEnvironmentTemplateVersion": [ { "action": "proton:UpdateEnvironmentTemplateVersion", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], "Proton.UpdateServiceTemplateVersion": [ { "action": "proton:UpdateServiceTemplateVersion", - "undocumented": true, - "arn_override": { - "template": "arn:${Partition}:proton:${Region}:${Account}:service-template/${templateName}" + "resource_mappings": { + "Name": { + "template": "${templateName}" + } } } ], @@ -96087,6 +96079,1534 @@ "template": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:packaging-groups/${Id}" } } + ], + "EC2.DescribeSecurityGroupRules": [ + { + "action": "ec2:DescribeSecurityGroupRules", + "resource_mappings": {} + } + ], + "EC2.ModifySecurityGroupRules": [ + { + "action": "ec2:ModifySecurityGroupRules", + "resource_mappings": { + "SecurityGroupId": { + "template": "${GroupId}" + }, + "PrefixListId": { + "template": "${SecurityGroupRules[].SecurityGroupRule.PrefixListId}" + }, + "SecurityGroupRuleId": { + "template": "${SecurityGroupRules[].SecurityGroupRuleId}" + } + } + } + ], + "DocDB.CreateEventSubscription": [ + { + "action": "rds:CreateEventSubscription", + "resource_mappings": { + "SubscriptionName": { + "template": "${SubscriptionName}" + } + } + }, + { + "action": "rds:AddTagsToResource", + "resource_mappings": { + "DbInstanceName": { + "template": "*" + }, + "SubscriptionName": { + "template": "${SubscriptionName}" + }, + "OptionGroupName": { + "template": "*" + }, + "ParameterGroupName": { + "template": "*" + }, + "DbProxyId": { + "template": "*" + }, + "DbProxyEndpointId": { + "template": "*" + }, + "ReservedDbInstanceName": { + "template": "*" + }, + "SecurityGroupName": { + "template": "*" + }, + "SnapshotName": { + "template": "*" + }, + "SubnetGroupName": { + "template": "*" + }, + "TargetGroupId": { + "template": "*" + } + } + } + ], + "DocDB.CreateGlobalCluster": [ + { + "action": "rds:CreateGlobalCluster", + "resource_mappings": { + "DbClusterInstanceName": { + "template": "${SourceDBClusterIdentifier}" + }, + "GlobalCluster": { + "template": "${GlobalClusterIdentifier}" + } + } + } + ], + "DocDB.ModifyGlobalCluster": [ + { + "action": "rds:ModifyGlobalCluster", + "resource_mappings": { + "GlobalCluster": { + "template": "%%many%${GlobalClusterIdentifier}%${NewGlobalClusterIdentifier}%%" + } + } + } + ], + "IoTEventsData.BatchAcknowledgeAlarm": [ + { + "action": "iotevents:BatchAcknowledgeAlarm", + "resource_mappings": { + "inputName": { + "template": "*" + } + } + } + ], + "IoTEventsData.BatchDisableAlarm": [ + { + "action": "iotevents:BatchDisableAlarm", + "resource_mappings": { + "inputName": { + "template": "*" + } + } + } + ], + "IoTEventsData.BatchEnableAlarm": [ + { + "action": "iotevents:BatchEnableAlarm", + "resource_mappings": { + "inputName": { + "template": "*" + } + } + } + ], + "IoTEventsData.BatchResetAlarm": [ + { + "action": "iotevents:BatchResetAlarm", + "resource_mappings": { + "inputName": { + "template": "*" + } + } + } + ], + "IoTEventsData.BatchSnoozeAlarm": [ + { + "action": "iotevents:BatchSnoozeAlarm", + "resource_mappings": { + "inputName": { + "template": "*" + } + } + } + ], + "ForecastService.DeleteResourceTree": [ + { + "action": "forecast:DeleteResourceTree", + "resource_mappings": {}, + "resourcearn_mappings": { + "dataset": "%%iftemplatematch%${ResourceArn}%%", + "datasetGroup": "%%iftemplatematch%${ResourceArn}%%", + "datasetImportJob": "%%iftemplatematch%${ResourceArn}%%", + "forecast": "%%iftemplatematch%${ResourceArn}%%", + "forecastExport": "%%iftemplatematch%${ResourceArn}%%", + "predictor": "%%iftemplatematch%${ResourceArn}%%", + "predictorBacktestExportJob": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "ForecastService.StopResource": [ + { + "action": "forecast:StopResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "datasetImportJob": "%%iftemplatematch%${ResourceArn}%%", + "forecast": "%%iftemplatematch%${ResourceArn}%%", + "forecastExport": "%%iftemplatematch%${ResourceArn}%%", + "predictor": "%%iftemplatematch%${ResourceArn}%%", + "predictorBacktestExportJob": "%%iftemplatematch%${ResourceArn}%%" + } + } + ], + "SESV2.CreateCustomVerificationEmailTemplate": [ + { + "action": "ses:CreateCustomVerificationEmailTemplate", + "resource_mappings": { + "IdentityName": { + "template": "*" + } + } + }, + { + "action": "ses:CreateCustomVerificationEmailTemplate", + "resource_mappings": { + "IdentityName": { + "template": "*" + } + } + } + ], + "SESV2.CreateEmailIdentityPolicy": [ + { + "action": "ses:CreateEmailIdentityPolicy", + "resource_mappings": { + "IdentityName": { + "template": "*" + } + } + } + ], + "SESV2.DeleteEmailIdentityPolicy": [ + { + "action": "ses:DeleteEmailIdentityPolicy", + "resource_mappings": { + "IdentityName": { + "template": "*" + } + } + } + ], + "SESV2.GetEmailIdentityPolicies": [ + { + "action": "ses:GetEmailIdentityPolicies", + "resource_mappings": { + "IdentityName": { + "template": "*" + } + } + } + ], + "SESV2.PutEmailIdentityConfigurationSetAttributes": [ + { + "action": "ses:PutEmailIdentityConfigurationSetAttributes", + "resource_mappings": { + "IdentityName": { + "template": "*" + }, + "ConfigurationSetName": { + "template": "${ConfigurationSetName}" + } + } + } + ], + "SESV2.PutEmailIdentityDkimSigningAttributes": [ + { + "action": "ses:PutEmailIdentityDkimSigningAttributes", + "resource_mappings": { + "IdentityName": { + "template": "*" + } + } + } + ], + "SESV2.UpdateEmailIdentityPolicy": [ + { + "action": "ses:UpdateEmailIdentityPolicy", + "resource_mappings": { + "IdentityName": { + "template": "*" + } + } + } + ], + "ComputeOptimizer.ExportLambdaFunctionRecommendations": [ + { + "action": "compute-optimizer:ExportLambdaFunctionRecommendations", + "resource_mappings": {} + }, + { + "action": "compute-optimizer:GetLambdaFunctionRecommendations", + "resource_mappings": {} + }, + { + "action": "lambda:ListFunctions", + "resource_mappings": {} + }, + { + "action": "lambda:ListProvisionedConcurrencyConfigs", + "resource_mappings": { + "FunctionName": { + "template": "*" + } + } + } + ], + "ServiceCatalogAppRegistry.UpdateApplication": [ + { + "action": "servicecatalog:UpdateApplication", + "resource_mappings": { + "ApplicationId": { + "template": "*" + } + } + }, + { + "action": "iam:CreateServiceLinkedRole", + "resource_mappings": { + "RoleNameWithPath": { + "template": "*" + } + } + } + ], + "HealthLake.ListFHIRExportJobs": [ + { + "action": "healthlake:ListFHIRExportJobs", + "resource_mappings": { + "AccountId": { + "template": "${Account}" + }, + "DatastoreId": { + "template": "${DatastoreId}" + } + } + } + ], + "HealthLake.ListFHIRImportJobs": [ + { + "action": "healthlake:ListFHIRImportJobs", + "resource_mappings": { + "AccountId": { + "template": "${Account}" + }, + "DatastoreId": { + "template": "${DatastoreId}" + } + } + } + ], + "HealthLake.ListTagsForResource": [ + { + "action": "healthlake:ListTagsForResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "datastore": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "HealthLake.TagResource": [ + { + "action": "healthlake:TagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "datastore": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "HealthLake.UntagResource": [ + { + "action": "healthlake:UntagResource", + "resource_mappings": {}, + "resourcearn_mappings": { + "datastore": "%%iftemplatematch%${ResourceARN}%%" + } + } + ], + "LexModelsV2.CreateExport": [ + { + "action": "lex:CreateExport", + "resource_mappings": { + "BotId": { + "template": "%%many%${resourceSpecification.botExportSpecification.botId}%${resourceSpecification.botLocaleExportSpecification.botId}%%" + } + } + } + ], + "LexModelsV2.CreateResourcePolicy": [ + { + "action": "lex:CreateResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "bot": "%%iftemplatematch%${resourceArn}%%", + "bot alias": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "LexModelsV2.DeleteExport": [ + { + "action": "lex:DeleteExport", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + } + ], + "LexModelsV2.DeleteImport": [ + { + "action": "lex:DeleteImport", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + } + ], + "LexModelsV2.DeleteResourcePolicy": [ + { + "action": "lex:DeleteResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "bot": "%%iftemplatematch%${resourceArn}%%", + "bot alias": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "LexModelsV2.DescribeExport": [ + { + "action": "lex:DescribeExport", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:DescribeBot", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:DescribeBotLocale", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:DescribeIntent", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:DescribeSlot", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:DescribeSlotType", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:ListBotLocales", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:ListIntents", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:ListSlotTypes", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + }, + { + "action": "lex:ListSlots", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + } + ], + "LexModelsV2.DescribeImport": [ + { + "action": "lex:DescribeImport", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + } + ], + "LexModelsV2.DescribeResourcePolicy": [ + { + "action": "lex:DescribeResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "bot": "%%iftemplatematch%${resourceArn}%%", + "bot alias": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "LexModelsV2.UpdateExport": [ + { + "action": "lex:UpdateExport", + "resource_mappings": { + "BotId": { + "template": "*" + } + } + } + ], + "LexModelsV2.UpdateResourcePolicy": [ + { + "action": "lex:UpdateResourcePolicy", + "resource_mappings": {}, + "resourcearn_mappings": { + "bot": "%%iftemplatematch%${resourceArn}%%", + "bot alias": "%%iftemplatematch%${resourceArn}%%" + } + } + ], + "Proton.AcceptEnvironmentAccountConnection": [ + { + "action": "proton:AcceptEnvironmentAccountConnection", + "resource_mappings": { + "Id": { + "template": "${id}" + } + } + } + ], + "Proton.CreateEnvironmentAccountConnection": [ + { + "action": "proton:CreateEnvironmentAccountConnection", + "resource_mappings": {} + } + ], + "Proton.CreateEnvironmentTemplateVersion": [ + { + "action": "proton:CreateEnvironmentTemplateVersion", + "resource_mappings": { + "Name": { + "template": "${templateName}" + } + } + } + ], + "Proton.CreateServiceTemplateVersion": [ + { + "action": "proton:CreateServiceTemplateVersion", + "resource_mappings": { + "Name": { + "template": "${templateName}" + } + } + } + ], + "Proton.DeleteEnvironmentAccountConnection": [ + { + "action": "proton:DeleteEnvironmentAccountConnection", + "resource_mappings": { + "Id": { + "template": "${id}" + } + } + } + ], + "Proton.GetEnvironmentAccountConnection": [ + { + "action": "proton:GetEnvironmentAccountConnection", + "resource_mappings": { + "Id": { + "template": "${id}" + } + } + } + ], + "Proton.RejectEnvironmentAccountConnection": [ + { + "action": "proton:RejectEnvironmentAccountConnection", + "resource_mappings": { + "Id": { + "template": "${id}" + } + } + } + ], + "Proton.UpdateEnvironmentAccountConnection": [ + { + "action": "proton:UpdateEnvironmentAccountConnection", + "resource_mappings": { + "Id": { + "template": "${id}" + } + } + } + ], + "Lightsail.CreateBucket": [ + { + "action": "lightsail:CreateBucket", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.CreateBucketAccessKey": [ + { + "action": "lightsail:CreateBucketAccessKey", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.DeleteBucket": [ + { + "action": "lightsail:DeleteBucket", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.DeleteBucketAccessKey": [ + { + "action": "lightsail:DeleteBucketAccessKey", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.GetBucketAccessKeys": [ + { + "action": "lightsail:GetBucketAccessKeys", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.GetBucketBundles": [ + { + "action": "lightsail:GetBucketBundles", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.GetBuckets": [ + { + "action": "lightsail:GetBuckets", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.SetResourceAccessForBucket": [ + { + "action": "lightsail:SetResourceAccessForBucket", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.UpdateBucket": [ + { + "action": "lightsail:UpdateBucket", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Lightsail.UpdateBucketBundle": [ + { + "action": "lightsail:UpdateBucketBundle", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "Redshift.CreateAuthenticationProfile": [ + { + "action": "redshift:CreateAuthenticationProfile", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Redshift.DeleteAuthenticationProfile": [ + { + "action": "redshift:DeleteAuthenticationProfile", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Redshift.DescribeAuthenticationProfiles": [ + { + "action": "redshift:DescribeAuthenticationProfiles", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "Redshift.ModifyAuthenticationProfile": [ + { + "action": "redshift:ModifyAuthenticationProfile", + "undocumented": true, + "arn_override": { + "template": "*" + } + } + ], + "LexModelBuildingService.GetMigration": [ + { + "action": "lex:GetMigration", + "undocumented": true + } + ], + "LexModelBuildingService.GetMigrations": [ + { + "action": "lex:GetMigrations", + "undocumented": true + } + ], + "Kendra.DeletePrincipalMapping": [ + { + "action": "kendra:DeletePrincipalMapping", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.DescribePrincipalMapping": [ + { + "action": "kendra:DescribePrincipalMapping", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.ListGroupsOlderThanOrderingId": [ + { + "action": "kendra:ListGroupsOlderThanOrderingId", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "Kendra.PutPrincipalMapping": [ + { + "action": "kendra:PutPrincipalMapping", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}" + } + } + ], + "QuickSight.CreateFolder": [ + { + "action": "quicksight:CreateFolder", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.ListFolders": [ + { + "action": "quicksight:ListFolders", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/*" + } + } + ], + "QuickSight.DeleteFolder": [ + { + "action": "quicksight:DeleteFolder", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.DescribeFolder": [ + { + "action": "quicksight:DescribeFolder", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.UpdateFolder": [ + { + "action": "quicksight:UpdateFolder", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "CloudFormation.ActivateType": [ + { + "action": "cloudformation:ActivateType", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:cloudformation:${Region}:${Account}:type/*" + } + } + ], + "CloudFormation.BatchDescribeTypeConfigurations": [ + { + "action": "cloudformation:BatchDescribeTypeConfiguration", + "undocumented": true + } + ], + "CodePipeline.GetActionType": [ + { + "action": "codepipeline:GetActionType", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:codepipeline:${Region}:${Account}:actiontype:${owner}/${category}/${provider}/${version}" + } + } + ], + "CodePipeline.UpdateActionType": [ + { + "action": "codepipeline:UpdateActionType", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:codepipeline:${Region}:${Account}:actiontype:${actionType.id.owner}/${actionType.id.category}/${actionType.id.provider}/${actionType.id.version}" + } + } + ], + "Lightsail.GetBucketMetricData": [ + { + "action": "lightsail:GetBucketMetricDat", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lightsail:${Region}:${Account}:*" + } + } + ], + "SSM.UnlabelParameterVersion": [ + { + "action": "ssm:UnlabelParameterVersion", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:ssm:${Region}:${Account}:parameter/${Name}" + } + } + ], + "Glue.UpdateColumnStatisticsForTable": [ + { + "action": "glue:UpdateTable", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:glue:${Region}:${Account}:catalog" + } + } + ], + "Glue.UpdateColumnStatisticsForPartition": [ + { + "action": "glue:UpdatePartition", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:glue:${Region}:${Account}:catalog" + } + } + ], + "DataSync.UpdateLocationNfs": [ + { + "action": "datasync:UpdateLocationNfs", + "undocumented": true, + "arn_override": { + "template": "${LocationArn}" + } + } + ], + "DataSync.UpdateLocationObjectStorage": [ + { + "action": "datasync:UpdateLocationObjectStorage", + "undocumented": true, + "arn_override": { + "template": "${LocationArn}" + } + } + ], + "DataSync.UpdateLocationSmb": [ + { + "action": "datasync:UpdateLocationSmb", + "undocumented": true, + "arn_override": { + "template": "${LocationArn}" + } + } + ], + "WorkMailMessageFlow.PutRawMessageContent": [ + { + "action": "workmailmessageflow:PutRawMessageContent", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:workmailmessageflow:${Region}:${Account}:message/*/*/${messageId}" + } + } + ], + "IoTSiteWise.GetInterpolatedAssetPropertyValues": [ + { + "action": "iotsitewise:GetInterpolatedAssetPropertyValues", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:iotsitewise:${Region}:${Account}:asset/*" + } + } + ], + "IoTSiteWise.PutStorageConfiguration": [ + { + "action": "iotsitewise:PutStorageConfiguration", + "undocumented": true + } + ], + "LexModelsV2.CreateResourcePolicyStatement": [ + { + "action": "lex:CreateResourcePolicy", + "undocumented": true, + "arn_override": { + "template": "${resourceArn}" + } + } + ], + "LexModelsV2.DeleteResourcePolicyStatement": [ + { + "action": "lex:DeleteResourcePolicy", + "undocumented": true, + "arn_override": { + "template": "${resourceArn}" + } + } + ], + "ElasticBeanstalk.UpdateTagsForResource": [ + { + "action": "elasticbeanstalk:AddTags", + "undocumented": true, + "arn_override": { + "template": "${ResourceArn}" + } + }, + { + "action": "elasticbeanstalk:RemoveTags", + "undocumented": true, + "arn_override": { + "template": "${ResourceArn}" + } + } + ], + "AutoScaling.GetPredictiveScalingForecast": [ + { + "action": "autoscaling:GetPredictiveScalingForecast", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:autoscaling:${Region}:${Account}:autoScalingGroup:*:autoScalingGroupName/${AutoScalingGroupName}" + } + } + ], + "SSM.GetInventory": [ + { + "action": "ssm:GetInventory", + "resource_mappings": {} + } + ], + "SSM.GetOpsSummary": [ + { + "action": "ssm:GetOpsSummary", + "resource_mappings": { + "SyncName": { + "template": "${SyncName}" + } + } + } + ], + "SageMaker.Search": [ + { + "action": "sagemaker:Search", + "resource_mappings": {} + } + ], + "EMRcontainers.CreateManagedEndpoint": [ + { + "action": "emr-containers:CreateManagedEndpoint", + "resource_mappings": { + "virtualClusterId": { + "template": "${virtualClusterId}" + } + } + } + ], + "EMRcontainers.StartJobRun": [ + { + "action": "emr-containers:StartJobRun", + "resource_mappings": { + "virtualClusterId": { + "template": "${virtualClusterId}" + } + } + } + ], + "IoTEvents.StartDetectorModelAnalysis": [ + { + "action": "iotevents:StartDetectorModelAnalysis", + "undocumented": true + } + ], + "EMR.AddInstanceFleet": [ + { + "action": "elasticmapreduce:AddInstanceFleet", + "resource_mappings": { + "ClusterId": { + "template": "${ClusterId}" + } + } + } + ], + "EMR.AddInstanceGroups": [ + { + "action": "elasticmapreduce:AddInstanceGroups", + "resource_mappings": {} + } + ], + "EMR.SetVisibleToAllUsers": [ + { + "action": "elasticmapreduce:SetVisibleToAllUsers", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${JobFlowIds[]}" + } + } + ], + "S3Control.CreateAccessPointForObjectLambda": [ + { + "action": "s3:CreateAccessPointForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.DeleteAccessPointForObjectLambda": [ + { + "action": "s3:DeleteAccessPointForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.DeleteAccessPointPolicyForObjectLambda": [ + { + "action": "s3:DeleteAccessPointPolicyForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.DescribeJob": [ + { + "action": "s3:DescribeJob", + "resource_mappings": { + "JobId": { + "template": "${JobId}" + } + } + } + ], + "S3Control.GetAccessPointConfigurationForObjectLambda": [ + { + "action": "s3:GetAccessPointConfigurationForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.GetAccessPointForObjectLambda": [ + { + "action": "s3:GetAccessPointForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.GetAccessPointPolicyForObjectLambda": [ + { + "action": "s3:GetAccessPointPolicyForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.GetAccessPointPolicyStatusForObjectLambda": [ + { + "action": "s3:GetAccessPointPolicyStatusForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.ListAccessPointsForObjectLambda": [ + { + "action": "s3:ListAccessPointsForObjectLambda", + "resource_mappings": {} + } + ], + "S3Control.ListJobs": [ + { + "action": "s3:ListJobs", + "resource_mappings": {} + } + ], + "S3Control.PutAccessPointConfigurationForObjectLambda": [ + { + "action": "s3:PutAccessPointConfigurationForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "S3Control.PutAccessPointPolicyForObjectLambda": [ + { + "action": "s3:PutAccessPointPolicyForObjectLambda", + "resource_mappings": { + "AccessPointName": { + "template": "${Name}" + } + } + } + ], + "ResourceGroups.PutGroupConfiguration": [ + { + "action": "resource-groups:PutGroupConfiguration", + "resource_mappings": {}, + "resourcearn_mappings": { + "group": "%%iftemplatematch%${Group}%%" + } + } + ], + "QuickSight.SearchFolders": [ + { + "action": "quicksight:SearchFolders", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/*" + } + } + ], + "S3Control.DeletePublicAccessBlock": [ + { + "action": "s3:PutAccountPublicAccessBlock", + "resource_mappings": {} + } + ], + "S3Control.GetPublicAccessBlock": [ + { + "action": "s3:GetAccountPublicAccessBlock", + "resource_mappings": {} + } + ], + "S3Control.PutBucketLifecycleConfiguration": [ + { + "action": "s3-outposts:PutLifecycleConfiguration", + "undocumented": true + } + ], + "S3Control.PutPublicAccessBlock": [ + { + "action": "s3:PutAccountPublicAccessBlock", + "resource_mappings": {} + } + ], + "RDSDataService.BatchExecuteStatement": [ + { + "action": "rds-data:BatchExecuteStatement", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${resourceArn}" + } + } + ], + "RDSDataService.ExecuteStatement": [ + { + "action": "rds-data:ExecuteStatement", + "resource_mappings": {}, + "resourcearn_mappings": { + "cluster": "${resourceArn}" + } + } + ], + "CostExplorer.GetCostAndUsage": [ + { + "action": "ce:GetCostAndUsage", + "resource_mappings": {} + } + ], + "CostExplorer.GetCostAndUsageWithResources": [ + { + "action": "ce:GetCostAndUsageWithResources", + "resource_mappings": {} + } + ], + "CostExplorer.GetCostCategories": [ + { + "action": "ce:GetCostCategories", + "resource_mappings": {} + } + ], + "CostExplorer.GetCostForecast": [ + { + "action": "ce:GetCostForecast", + "resource_mappings": {} + } + ], + "CostExplorer.GetDimensionValues": [ + { + "action": "ce:GetDimensionValues", + "resource_mappings": {} + } + ], + "CostExplorer.GetReservationCoverage": [ + { + "action": "ce:GetReservationCoverage", + "resource_mappings": {} + } + ], + "CostExplorer.GetReservationPurchaseRecommendation": [ + { + "action": "ce:GetReservationPurchaseRecommendation", + "resource_mappings": {} + } + ], + "CostExplorer.GetReservationUtilization": [ + { + "action": "ce:GetReservationUtilization", + "resource_mappings": {} + } + ], + "CostExplorer.GetRightsizingRecommendation": [ + { + "action": "ce:GetRightsizingRecommendation", + "resource_mappings": {} + } + ], + "CostExplorer.GetSavingsPlansCoverage": [ + { + "action": "ce:GetSavingsPlansCoverage", + "resource_mappings": {} + } + ], + "CostExplorer.GetSavingsPlansPurchaseRecommendation": [ + { + "action": "ce:GetSavingsPlansPurchaseRecommendation", + "resource_mappings": {} + } + ], + "CostExplorer.GetSavingsPlansUtilization": [ + { + "action": "ce:GetSavingsPlansUtilization", + "resource_mappings": {} + } + ], + "CostExplorer.GetSavingsPlansUtilizationDetails": [ + { + "action": "ce:GetSavingsPlansUtilizationDetails", + "resource_mappings": {} + } + ], + "CostExplorer.GetTags": [ + { + "action": "ce:GetTags", + "resource_mappings": {} + } + ], + "CostExplorer.GetUsageForecast": [ + { + "action": "ce:GetUsageForecast", + "resource_mappings": {} + } + ], + "Kendra.Query": [ + { + "action": "kendra:Query", + "resource_mappings": { + "IndexId": { + "template": "${IndexId}" + } + } + } + ], + "CostExplorer.CreateAnomalyMonitor": [ + { + "action": "ce:CreateAnomalyMonitor", + "resource_mappings": {} + } + ], + "CostExplorer.CreateCostCategoryDefinition": [ + { + "action": "ce:CreateCostCategoryDefinition", + "resource_mappings": {} + } + ], + "S3.WriteGetObjectResponse": [ + { + "action": "s3-object-lambda:WriteGetObjectResponse", + "resource_mappings": { + "AccessPointName": { + "template": "*" + } + } + } + ], + "CloudDirectory.GetAppliedSchemaVersion": [ + { + "action": "clouddirectory:GetAppliedSchemaVersion", + "undocumented": true, + "arn_override": { + "template": "${SchemaArn}" + } + } + ], + "CloudDirectory.UpgradeAppliedSchema": [ + { + "action": "clouddirectory:UpgradeAppliedSchema", + "undocumented": true + } + ], + "CloudDirectory.UpgradePublishedSchema": [ + { + "action": "clouddirectory:UpgradePublishedSchema", + "undocumented": true + } + ], + "LexModelBuildingService.StartMigration": [ + { + "action": "lex:StartMigration", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:lex:${Region}:${Account}:bot:${v1BotName}:${v1BotVersion}" + } + } + ], + "ApiGatewayManagementApi.DeleteConnection": [ + { + "action": "execute-api:ManageConnections", + "resource_mappings": { + "ApiId": { + "template": "*" + }, + "Stage": { + "template": "*" + }, + "Method": { + "template": "POST" + }, + "ApiSpecificResourcePath": { + "template": "@connections" + } + } + } + ], + "ApiGatewayManagementApi.GetConnection": [ + { + "action": "execute-api:ManageConnections", + "resource_mappings": { + "ApiId": { + "template": "*" + }, + "Stage": { + "template": "*" + }, + "Method": { + "template": "POST" + }, + "ApiSpecificResourcePath": { + "template": "@connections" + } + } + } + ], + "ApiGatewayManagementApi.PostToConnection": [ + { + "action": "execute-api:ManageConnections", + "resource_mappings": { + "ApiId": { + "template": "*" + }, + "Stage": { + "template": "*" + }, + "Method": { + "template": "POST" + }, + "ApiSpecificResourcePath": { + "template": "@connections" + } + } + } + ], + "QuickSight.CreateFolderMembership": [ + { + "action": "quicksight:CreateFolderMembership", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.DeleteFolderMembership": [ + { + "action": "quicksight:DeleteFolderMembership", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.DescribeFolderPermissions": [ + { + "action": "quicksight:DescribeFolderPermissions", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.DescribeFolderResolvedPermissions": [ + { + "action": "quicksight:DescribeFolderResolvedPermissions", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.ListFolderMembers": [ + { + "action": "quicksight:ListFolderMembers", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "QuickSight.UpdateFolderPermissions": [ + { + "action": "quicksight:UpdateFolderPermissions", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:quicksight:${Region}:${Account}:folder/${FolderId}" + } + } + ], + "KinesisAnalyticsV2.UpdateApplicationMaintenanceConfiguration": [ + { + "action": "kinesisanalytics:UpdateApplicationMaintenanceConfiguration", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}" + } + } + ], + "ServiceDiscovery.UpdateHttpNamespace": [ + { + "action": "servicediscovery:UpdateHttpNamespace", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:servicediscovery:${Region}:${Account}:namespace/${Id}" + } + } + ], + "LexRuntimeV2.RecognizeUtterance": [ + { + "action": "lex:RecognizeUtterance", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:servicediscovery:${Region}:${Account}:namespace/${Id}" + } + } + ], + "S3.DeleteBucketIntelligentTieringConfiguration": [ + { + "action": "s3:DeleteIntelligentTieringConfiguration", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:s3:::${Bucket}" + } + } + ], + "S3.ListBucketIntelligentTieringConfigurations": [ + { + "action": "s3:GetIntelligentTieringConfiguration", + "undocumented": true, + "arn_override": { + "template": "arn:${Partition}:s3:::${Bucket}" + } + } ] }, "sdk_service_mappings": { @@ -96308,7 +97828,7 @@ "Route 53 Domains": "route53domains", "RoboMaker": "robomaker", "S3 Control": "s3", - "S3Control": "s3-outposts", + "S3Control": "s3", "S3Outposts": "s3-outposts", "Service Catalog": "servicecatalog", "SES": "ses",