fix: update IAM service definitions

src/data/iam-services/amazon-connect-cases.json

@@ -33,6 +33,7 @@
       "description": "Grants permission to create a case in the case domain",
       "accessLevel": "Write",
       "resourceTypes": [
+        "Case*",
         "Domain*",
         "Field*",
         "Template*"
@@ -55,7 +56,8 @@
       "description": "Grants permission to create a field in the case domain",
       "accessLevel": "Write",
       "resourceTypes": [
-        "Domain*"
+        "Domain*",
+        "Field*"
       ],
       "conditionKeys": [],
       "dependentActions": []
@@ -66,7 +68,8 @@
       "description": "Grants permission to create a layout in the case domain",
       "accessLevel": "Write",
       "resourceTypes": [
-        "Domain*"
+        "Domain*",
+        "Layout*"
       ],
       "conditionKeys": [],
       "dependentActions": []
@@ -78,7 +81,8 @@
       "accessLevel": "Write",
       "resourceTypes": [
         "Case*",
-        "Domain*"
+        "Domain*",
+        "RelatedItem*"
       ],
       "conditionKeys": [],
       "dependentActions": []
@@ -90,7 +94,8 @@
       "accessLevel": "Write",
       "resourceTypes": [
         "Domain*",
-        "Layout*"
+        "Layout*",
+        "Template*"
       ],
       "conditionKeys": [],
       "dependentActions": []

src/data/iam-services/amazon-elastic-mapreduce.json

@@ -354,6 +354,18 @@
       "conditionKeys": [],
       "dependentActions": []
     },
+    {
+      "name": "GetClusterSessionCredentials",
+      "description": "Grants permission to retrieve HTTP basic credentials associated with a given execution IAM Role for a fine-grained access control enabled EMR Cluster",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "cluster*"
+      ],
+      "conditionKeys": [
+        "elasticmapreduce:ExecutionRoleArn"
+      ],
+      "dependentActions": []
+    },
     {
       "name": "GetManagedScalingPolicy",
       "documentationUrl": "https://docs.aws.amazon.com/emr/latest/APIReference/API_GetManagedScalingPolicy.html",
@@ -830,6 +842,7 @@
     },
     {
       "name": "ViewEventsFromAllClustersInConsole",
+      "documentationUrl": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticmapreduce.html",
       "description": "Grants permission to use the EMR console to view events from all clusters",
       "accessLevel": "List",
       "resourceTypes": [],

src/data/iam-services/amazon-kendra-intelligent-ranking.json

@@ -0,0 +1,110 @@
+{
+  "serviceName": "Amazon Kendra Intelligent Ranking",
+  "servicePrefix": "kendra-ranking",
+  "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonkendraintelligentranking.html",
+  "actions": [
+    {
+      "name": "CreateRescoreExecutionPlan",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_CreateRescoreExecutionPlan.html",
+      "description": "Grants permission to create a RescoreExecutionPlan",
+      "accessLevel": "Write",
+      "resourceTypes": [],
+      "conditionKeys": [
+        "aws:RequestTag/${TagKey}",
+        "aws:TagKeys"
+      ],
+      "dependentActions": []
+    },
+    {
+      "name": "DeleteRescoreExecutionPlan",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_DeleteRescoreExecutionPlan.html",
+      "description": "Grants permission to delete a RescoreExecutionPlan",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "rescore-execution-plan*"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
+    {
+      "name": "DescribeRescoreExecutionPlan",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_DescribeRescoreExecutionPlan.html",
+      "description": "Grants permission to describe a RescoreExecutionPlan",
+      "accessLevel": "Read",
+      "resourceTypes": [
+        "rescore-execution-plan*"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
+    {
+      "name": "ListRescoreExecutionPlans",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_ListRescoreExecutionPlans.html",
+      "description": "Grants permission to list all RescoreExecutionPlans",
+      "accessLevel": "List",
+      "resourceTypes": [],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
+    {
+      "name": "ListTagsForResource",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_ListTagsForResource.html",
+      "description": "Grants permission to list tags for a resource",
+      "accessLevel": "Read",
+      "resourceTypes": [
+        "rescore-execution-plan"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
+    {
+      "name": "Rescore",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_Rescore.html",
+      "description": "Grants permission to Rescore documents with Kendra Intelligent Ranking",
+      "accessLevel": "Read",
+      "resourceTypes": [
+        "rescore-execution-plan*"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
+    {
+      "name": "TagResource",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_TagResource.html",
+      "description": "Grants permission to tag a resource with given key value pairs",
+      "accessLevel": "Tagging",
+      "resourceTypes": [
+        "rescore-execution-plan"
+      ],
+      "conditionKeys": [
+        "aws:RequestTag/${TagKey}",
+        "aws:TagKeys"
+      ],
+      "dependentActions": []
+    },
+    {
+      "name": "UntagResource",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_UntagResource.html",
+      "description": "Grants permission to remove the tag with the given key from a resource",
+      "accessLevel": "Tagging",
+      "resourceTypes": [
+        "rescore-execution-plan"
+      ],
+      "conditionKeys": [
+        "aws:TagKeys"
+      ],
+      "dependentActions": []
+    },
+    {
+      "name": "UpdateRescoreExecutionPlan",
+      "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_UpdateRescoreExecutionPlan.html",
+      "description": "Grants permission to update a RescoreExecutionPlan",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "rescore-execution-plan*"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    }
+  ]
+}

src/data/iam-services/amazon-route-53-application-recovery-controller---zonal-shift.json

@@ -12,7 +12,10 @@
         "ALB*",
         "NLB*"
       ],
-      "conditionKeys": [],
+      "conditionKeys": [
+        "aws:ResourceTag/${TagKey}",
+        "elasticloadbalancing:ResourceTag/${TagKey}"
+      ],
       "dependentActions": []
     },
     {
@@ -24,7 +27,10 @@
         "ALB*",
         "NLB*"
       ],
-      "conditionKeys": [],
+      "conditionKeys": [
+        "aws:ResourceTag/${TagKey}",
+        "elasticloadbalancing:ResourceTag/${TagKey}"
+      ],
       "dependentActions": []
     },
     {
@@ -54,7 +60,10 @@
         "ALB*",
         "NLB*"
       ],
-      "conditionKeys": [],
+      "conditionKeys": [
+        "aws:ResourceTag/${TagKey}",
+        "elasticloadbalancing:ResourceTag/${TagKey}"
+      ],
       "dependentActions": []
     },
     {
@@ -66,7 +75,10 @@
         "ALB*",
         "NLB*"
       ],
-      "conditionKeys": [],
+      "conditionKeys": [
+        "aws:ResourceTag/${TagKey}",
+        "elasticloadbalancing:ResourceTag/${TagKey}"
+      ],
       "dependentActions": []
     }
   ]

src/data/iam-services/amazon-route-53-resolver.json

@@ -112,9 +112,7 @@
       "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverQueryLogConfig.html",
       "description": "Grants permission to create a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs",
       "accessLevel": "Write",
-      "resourceTypes": [
-        "resolver-query-log-config*"
-      ],
+      "resourceTypes": [],
       "conditionKeys": [
         "aws:RequestTag/${TagKey}",
         "aws:TagKeys"
@@ -355,9 +353,7 @@
       "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverQueryLogConfigAssociation.html",
       "description": "Grants permission to get information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC",
       "accessLevel": "Read",
-      "resourceTypes": [
-        "resolver-query-log-config*"
-      ],
+      "resourceTypes": [],
       "conditionKeys": [],
       "dependentActions": []
     },
@@ -527,9 +523,7 @@
       "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html",
       "description": "Grants permission to list information about associations between Amazon VPCs and query logging configurations",
       "accessLevel": "List",
-      "resourceTypes": [
-        "resolver-query-log-config*"
-      ],
+      "resourceTypes": [],
       "conditionKeys": [],
       "dependentActions": [
         "ec2:DescribeVpcs"
@@ -540,9 +534,7 @@
       "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html",
       "description": "Grants permission to list information about the specified query logging configurations, which define where you want Resolver to save DNS query logs and specify the VPCs that you want to log queries for",
       "accessLevel": "List",
-      "resourceTypes": [
-        "resolver-query-log-config*"
-      ],
+      "resourceTypes": [],
       "conditionKeys": [],
       "dependentActions": [
         "ec2:DescribeVpcs"

src/data/iam-services/amazon-sagemaker.json

@@ -546,7 +546,10 @@
         "aws:TagKeys",
         "sagemaker:FeatureGroupOnlineStoreKmsKey",
         "sagemaker:FeatureGroupOfflineStoreKmsKey",
-        "sagemaker:FeatureGroupOfflineStoreS3Uri"
+        "sagemaker:FeatureGroupOfflineStoreS3Uri",
+        "sagemaker:FeatureGroupEnableOnlineStore",
+        "sagemaker:FeatureGroupOfflineStoreConfig",
+        "sagemaker:FeatureGroupDisableGlueTableCreation"
       ],
       "dependentActions": [
         "iam:PassRole",

src/data/iam-services/aws-account-management.json

@@ -3,6 +3,17 @@
   "servicePrefix": "account",
   "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsaccountmanagement.html",
   "actions": [
+    {
+      "name": "CloseAccount",
+      "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+      "description": "Grants permission to close an account",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "account"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "DeleteAlternateContact",
       "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_DeleteAlternateContact.html",
@@ -39,6 +50,17 @@
       ],
       "dependentActions": []
     },
+    {
+      "name": "GetAccountInformation",
+      "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+      "description": "Grants permission to retrieve the account information for an account",
+      "accessLevel": "Read",
+      "resourceTypes": [
+        "account"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "GetAlternateContact",
       "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_GetAlternateContact.html",
@@ -53,6 +75,17 @@
       ],
       "dependentActions": []
     },
+    {
+      "name": "GetChallengeQuestions",
+      "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+      "description": "Grants permission to retrieve the challenge questions for an account",
+      "accessLevel": "Read",
+      "resourceTypes": [
+        "account"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "GetContactInformation",
       "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_GetContactInformation.html",
@@ -88,6 +121,17 @@
       ],
       "dependentActions": []
     },
+    {
+      "name": "PutChallengeQuestions",
+      "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+      "description": "Grants permission to modify the challenge questions for an account",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "account"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "PutContactInformation",
       "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_PutContactInformation.html",

src/data/iam-services/aws-appsync.json

@@ -172,14 +172,23 @@
     {
       "name": "DisassociateApi",
       "documentationUrl": "https://docs.aws.amazon.com/appsync/latest/APIReference/API_DisassociateApi.html",
-      "description": "Grants permission to dettach a GraphQL API to a custom domain name in AppSync",
+      "description": "Grants permission to detach a GraphQL API to a custom domain name in AppSync",
       "accessLevel": "Write",
       "resourceTypes": [
         "domain*"
       ],
       "conditionKeys": [],
       "dependentActions": []
     },
+    {
+      "name": "EvaluateCode",
+      "documentationUrl": "https://docs.aws.amazon.com/appsync/latest/APIReference/API_EvaluateCode.html",
+      "description": "Grants permission to evaluate code with a runtime and context",
+      "accessLevel": "Read",
+      "resourceTypes": [],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "EvaluateMappingTemplate",
       "documentationUrl": "https://docs.aws.amazon.com/appsync/latest/APIReference/API_EvaluateMappingTemplate.html",