From 1c91b3a37044def7cf80a5467c93f4d6dbae127a Mon Sep 17 00:00:00 2001
From: TastefulElk
Date: Mon, 16 Jan 2023 06:10:05 +0000
Subject: [PATCH] fix: update IAM service definitions
---
 .../iam-services/amazon-connect-cases.json | 13 +-
 .../amazon-elastic-mapreduce.json | 13 +
 .../amazon-kendra-intelligent-ranking.json | 110 +
 ...ion-recovery-controller---zonal-shift.json | 20 +-
 .../amazon-route-53-resolver.json | 16 +-
 src/data/iam-services/amazon-sagemaker.json | 5 +-
 .../iam-services/aws-account-management.json | 44 +
 src/data/iam-services/aws-appsync.json | 11 +-
 .../aws-billing-and-cost-management.json | 108 +
 src/data/iam-services/aws-clean-rooms.json | 414 ++++
 src/data/iam-services/aws-cloudtrail.json | 141 +-
 .../aws-consolidated-billing.json | 25 +
 .../aws-cost-and-usage-report.json | 45 +
 .../aws-database-migration-service.json | 9 +
 src/data/iam-services/aws-free-tier.json | 34 +
 .../aws-identity-and-access-management.json | 1931 +++++++++++++++++
 .../iam-services/aws-invoicing-service.json | 43 +
 src/data/iam-services/aws-launch-wizard.json | 79 +
 src/data/iam-services/aws-payments.json | 70 +
 .../aws-purchase-orders-console.json | 67 +-
 src/data/iam-services/aws-tax-settings.json | 62 +-
 21 files changed, 3220 insertions(+), 40 deletions(-)
 create mode 100644 src/data/iam-services/amazon-kendra-intelligent-ranking.json
 create mode 100644 src/data/iam-services/aws-clean-rooms.json
 create mode 100644 src/data/iam-services/aws-consolidated-billing.json
 create mode 100644 src/data/iam-services/aws-free-tier.json
 create mode 100644 src/data/iam-services/aws-identity-and-access-management.json
 create mode 100644 src/data/iam-services/aws-invoicing-service.json
 create mode 100644 src/data/iam-services/aws-launch-wizard.json
 create mode 100644 src/data/iam-services/aws-payments.json
diff --git a/src/data/iam-services/amazon-connect-cases.json b/src/data/iam-services/amazon-connect-cases.json
index 171845c..ed2e73b 100644
--- a/src/data/iam-services/amazon-connect-cases.json
+++ b/src/data/iam-services/amazon-connect-cases.json
@@ -33,6 +33,7 @@
 "description": "Grants permission to create a case in the case domain",
 "accessLevel": "Write",
 "resourceTypes": [
+ "Case*",
 "Domain*",
 "Field*",
 "Template*"
@@ -55,7 +56,8 @@
 "description": "Grants permission to create a field in the case domain",
 "accessLevel": "Write",
 "resourceTypes": [
- "Domain*"
+ "Domain*",
+ "Field*"
 ],
 "conditionKeys": [],
 "dependentActions": []
@@ -66,7 +68,8 @@
 "description": "Grants permission to create a layout in the case domain",
 "accessLevel": "Write",
 "resourceTypes": [
- "Domain*"
+ "Domain*",
+ "Layout*"
 ],
 "conditionKeys": [],
 "dependentActions": []
@@ -78,7 +81,8 @@
 "accessLevel": "Write",
 "resourceTypes": [
 "Case*",
- "Domain*"
+ "Domain*",
+ "RelatedItem*"
 ],
 "conditionKeys": [],
 "dependentActions": []
@@ -90,7 +94,8 @@
 "accessLevel": "Write",
 "resourceTypes": [
 "Domain*",
- "Layout*"
+ "Layout*",
+ "Template*"
 ],
 "conditionKeys": [],
 "dependentActions": []
diff --git a/src/data/iam-services/amazon-elastic-mapreduce.json b/src/data/iam-services/amazon-elastic-mapreduce.json
index cd3f000..f1dbe9d 100644
--- a/src/data/iam-services/amazon-elastic-mapreduce.json
+++ b/src/data/iam-services/amazon-elastic-mapreduce.json
@@ -354,6 +354,18 @@
 "conditionKeys": [],
 "dependentActions": []
 },
+ {
+ "name": "GetClusterSessionCredentials",
+ "description": "Grants permission to retrieve HTTP basic credentials associated with a given execution IAM Role for a fine-grained access control enabled EMR Cluster",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "cluster*"
+ ],
+ "conditionKeys": [
+ "elasticmapreduce:ExecutionRoleArn"
+ ],
+ "dependentActions": []
+ },
 {
 "name": "GetManagedScalingPolicy",
 "documentationUrl": "https://docs.aws.amazon.com/emr/latest/APIReference/API_GetManagedScalingPolicy.html",
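Review bot: The new `GetClusterSessionCredentials` entry in amazon-elastic-mapreduce.json has no `documentationUrl`, although the next hunk in the same file back-fills that field for `ViewEventsFromAllClustersInConsole` with the service-authorization page. Until an API reference link is available, the same fallback would keep the entry consistent: `"documentationUrl": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticmapreduce.html",`. The link matters more than usual here because, per its description, the action returns credentials tied to an execution role, and `elasticmapreduce:ExecutionRoleArn` is the only condition key listed for narrowing a grant. The `GetManagedScalingPolicy` entry that follows continues outside the hunk.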
@@ -830,6 +842,7 @@
 },
 {
 "name": "ViewEventsFromAllClustersInConsole",
+ "documentationUrl": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelasticmapreduce.html",
 "description": "Grants permission to use the EMR console to view events from all clusters",
 "accessLevel": "List",
 "resourceTypes": [],
diff --git a/src/data/iam-services/amazon-kendra-intelligent-ranking.json b/src/data/iam-services/amazon-kendra-intelligent-ranking.json
new file mode 100644
index 0000000..40f4f3d
--- /dev/null
+++ b/src/data/iam-services/amazon-kendra-intelligent-ranking.json
@@ -0,0 +1,110 @@
+{
+ "serviceName": "Amazon Kendra Intelligent Ranking",
+ "servicePrefix": "kendra-ranking",
+ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_amazonkendraintelligentranking.html",
+ "actions": [
+ {
+ "name": "CreateRescoreExecutionPlan",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_CreateRescoreExecutionPlan.html",
+ "description": "Grants permission to create a RescoreExecutionPlan",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [
+ "aws:RequestTag/${TagKey}",
+ "aws:TagKeys"
+ ],
+ "dependentActions": []
+ },
+ {
+ "name": "DeleteRescoreExecutionPlan",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_DeleteRescoreExecutionPlan.html",
+ "description": "Grants permission to delete a RescoreExecutionPlan",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "rescore-execution-plan*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DescribeRescoreExecutionPlan",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_DescribeRescoreExecutionPlan.html",
+ "description": "Grants permission to describe a RescoreExecutionPlan",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "rescore-execution-plan*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListRescoreExecutionPlans",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_ListRescoreExecutionPlans.html",
+ "description": "Grants permission to list all RescoreExecutionPlans",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListTagsForResource",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_ListTagsForResource.html",
+ "description": "Grants permission to list tags for a resource",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "rescore-execution-plan"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "Rescore",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_Rescore.html",
+ "description": "Grants permission to Rescore documents with Kendra Intelligent Ranking",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "rescore-execution-plan*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "TagResource",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_TagResource.html",
+ "description": "Grants permission to tag a resource with given key value pairs",
+ "accessLevel": "Tagging",
+ "resourceTypes": [
+ "rescore-execution-plan"
+ ],
+ "conditionKeys": [
+ "aws:RequestTag/${TagKey}",
+ "aws:TagKeys"
+ ],
+ "dependentActions": []
+ },
+ {
+ "name": "UntagResource",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_UntagResource.html",
+ "description": "Grants permission to remove the tag with the given key from a resource",
+ "accessLevel": "Tagging",
+ "resourceTypes": [
+ "rescore-execution-plan"
+ ],
+ "conditionKeys": [
+ "aws:TagKeys"
+ ],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdateRescoreExecutionPlan",
+ "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Ranking_UpdateRescoreExecutionPlan.html",
+ "description": "Grants permission to update a RescoreExecutionPlan",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "rescore-execution-plan*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/data/iam-services/amazon-route-53-application-recovery-controller---zonal-shift.json b/src/data/iam-services/amazon-route-53-application-recovery-controller---zonal-shift.json
index dbcea40..f0761e6 100644
--- a/src/data/iam-services/amazon-route-53-application-recovery-controller---zonal-shift.json
+++ b/src/data/iam-services/amazon-route-53-application-recovery-controller---zonal-shift.json
@@ -12,7 +12,10 @@
 "ALB*",
 "NLB*"
 ],
- "conditionKeys": [],
+ "conditionKeys": [
+ "aws:ResourceTag/${TagKey}",
+ "elasticloadbalancing:ResourceTag/${TagKey}"
+ ],
 "dependentActions": []
 },
 {
@@ -24,7 +27,10 @@
 "ALB*",
 "NLB*"
 ],
- "conditionKeys": [],
+ "conditionKeys": [
+ "aws:ResourceTag/${TagKey}",
+ "elasticloadbalancing:ResourceTag/${TagKey}"
+ ],
 "dependentActions": []
 },
 {
@@ -54,7 +60,10 @@
 "ALB*",
 "NLB*"
 ],
- "conditionKeys": [],
+ "conditionKeys": [
+ "aws:ResourceTag/${TagKey}",
+ "elasticloadbalancing:ResourceTag/${TagKey}"
+ ],
 "dependentActions": []
 },
 {
@@ -66,7 +75,10 @@
 "ALB*",
 "NLB*"
 ],
- "conditionKeys": [],
+ "conditionKeys": [
+ "aws:ResourceTag/${TagKey}",
+ "elasticloadbalancing:ResourceTag/${TagKey}"
+ ],
 "dependentActions": []
 }
 ]
diff --git a/src/data/iam-services/amazon-route-53-resolver.json b/src/data/iam-services/amazon-route-53-resolver.json
index 99ae34f..14bcdd1 100644
--- a/src/data/iam-services/amazon-route-53-resolver.json
+++ b/src/data/iam-services/amazon-route-53-resolver.json
@@ -112,9 +112,7 @@
 "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverQueryLogConfig.html",
 "description": "Grants permission to create a Resolver query logging configuration, which defines where you want Resolver to save DNS query logs that originate in your VPCs",
 "accessLevel": "Write",
- "resourceTypes": [
- "resolver-query-log-config*"
- ],
+ "resourceTypes": [],
 "conditionKeys": [
 "aws:RequestTag/${TagKey}",
 "aws:TagKeys"
@@ -355,9 +353,7 @@
 "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverQueryLogConfigAssociation.html",
 "description": "Grants permission to get information about a specified association between a Resolver query logging configuration and an Amazon VPC. When you associate a VPC with a query logging configuration, Resolver logs DNS queries that originate in that VPC",
 "accessLevel": "Read",
- "resourceTypes": [
- "resolver-query-log-config*"
- ],
+ "resourceTypes": [],
 "conditionKeys": [],
 "dependentActions": []
 },
@@ -527,9 +523,7 @@
 "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html",
 "description": "Grants permission to list information about associations between Amazon VPCs and query logging configurations",
 "accessLevel": "List",
- "resourceTypes": [
- "resolver-query-log-config*"
- ],
+ "resourceTypes": [],
 "conditionKeys": [],
 "dependentActions": [
 "ec2:DescribeVpcs"
@@ -540,9 +534,7 @@
 "documentationUrl": "https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html",
 "description": "Grants permission to list information about the specified query logging configurations, which define where you want Resolver to save DNS query logs and specify the VPCs that you want to log queries for",
 "accessLevel": "List",
- "resourceTypes": [
- "resolver-query-log-config*"
- ],
+ "resourceTypes": [],
 "conditionKeys": [],
 "dependentActions": [
 "ec2:DescribeVpcs"
diff --git a/src/data/iam-services/amazon-sagemaker.json b/src/data/iam-services/amazon-sagemaker.json
index 9e2664f..f4b9658 100644
--- a/src/data/iam-services/amazon-sagemaker.json
+++ b/src/data/iam-services/amazon-sagemaker.json
@@ -546,7 +546,10 @@
 "aws:TagKeys",
 "sagemaker:FeatureGroupOnlineStoreKmsKey",
 "sagemaker:FeatureGroupOfflineStoreKmsKey",
- "sagemaker:FeatureGroupOfflineStoreS3Uri"
+ "sagemaker:FeatureGroupOfflineStoreS3Uri",
+ "sagemaker:FeatureGroupEnableOnlineStore",
+ "sagemaker:FeatureGroupOfflineStoreConfig",
+ "sagemaker:FeatureGroupDisableGlueTableCreation"
 ],
 "dependentActions": [
 "iam:PassRole",
diff --git a/src/data/iam-services/aws-account-management.json b/src/data/iam-services/aws-account-management.json
index 2a880e4..b5b694e 100644
--- a/src/data/iam-services/aws-account-management.json
+++ b/src/data/iam-services/aws-account-management.json
@@ -3,6 +3,17 @@
 "servicePrefix": "account",
 "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsaccountmanagement.html",
 "actions": [
+ {
+ "name": "CloseAccount",
+ "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+ "description": "Grants permission to close an account",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "account"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "DeleteAlternateContact",
 "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_DeleteAlternateContact.html",
@@ -39,6 +50,17 @@
 ],
 "dependentActions": []
 },
+ {
+ "name": "GetAccountInformation",
+ "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+ "description": "Grants permission to retrieve the account information for an account",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "account"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "GetAlternateContact",
 "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_GetAlternateContact.html",
@@ -53,6 +75,17 @@
 ],
 "dependentActions": []
 },
+ {
+ "name": "GetChallengeQuestions",
+ "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+ "description": "Grants permission to retrieve the challenge questions for an account",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "account"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "GetContactInformation",
 "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_GetContactInformation.html",
@@ -88,6 +121,17 @@
 ],
 "dependentActions": []
 },
+ {
+ "name": "PutChallengeQuestions",
+ "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/security_account-permissions-ref.html",
+ "description": "Grants permission to modify the challenge questions for an account",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "account"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "PutContactInformation",
 "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/API_PutContactInformation.html",
diff --git a/src/data/iam-services/aws-appsync.json b/src/data/iam-services/aws-appsync.json
index d5f388f..dc6be86 100644
--- a/src/data/iam-services/aws-appsync.json
+++ b/src/data/iam-services/aws-appsync.json
@@ -172,7 +172,7 @@
 {
 "name": "DisassociateApi",
 "documentationUrl": "https://docs.aws.amazon.com/appsync/latest/APIReference/API_DisassociateApi.html",
- "description": "Grants permission to dettach a GraphQL API to a custom domain name in AppSync",
+ "description": "Grants permission to detach a GraphQL API to a custom domain name in AppSync",
 "accessLevel": "Write",
 "resourceTypes": [
 "domain*"
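Review bot: The corrected `DisassociateApi` description in aws-appsync.json still reads "detach a GraphQL API to a custom domain name"; the spelling is fixed but the preposition is still wrong for a detach operation. Suggest `"description": "Grants permission to detach a GraphQL API from a custom domain name in AppSync",`. If these strings are copied from the AWS service authorization reference (likely, though not visible on this page), the wording would have to be corrected upstream or through a local override, or the next sync will restore it. The `DisassociateApi` entry continues past the end of the hunk.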
@@ -180,6 +180,15 @@
 "conditionKeys": [],
 "dependentActions": []
 },
+ {
+ "name": "EvaluateCode",
+ "documentationUrl": "https://docs.aws.amazon.com/appsync/latest/APIReference/API_EvaluateCode.html",
+ "description": "Grants permission to evaluate code with a runtime and context",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "EvaluateMappingTemplate",
 "documentationUrl": "https://docs.aws.amazon.com/appsync/latest/APIReference/API_EvaluateMappingTemplate.html",
diff --git a/src/data/iam-services/aws-billing-and-cost-management.json b/src/data/iam-services/aws-billing-and-cost-management.json
index dae67c3..50bc418 100644
--- a/src/data/iam-services/aws-billing-and-cost-management.json
+++ b/src/data/iam-services/aws-billing-and-cost-management.json
@@ -3,6 +3,78 @@
 "servicePrefix": "billing",
 "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsbilling_.html",
 "actions": [
+ {
+ "name": "GetBillingData",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to perform queries on billing information",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetBillingDetails",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to view detailed line item billing information",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetBillingNotifications",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to view notifications sent by AWS related to your accounts billing information",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetBillingPreferences",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to view billing preferences such as reserved instance, savings plans and credits sharing",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetContractInformation",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to view the account's contract information including the contract number, end-user organization names, PO numbers and if the account is used to service public-sector customers",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetCredits",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to view credits that have been redeemed",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetIAMAccessPreference",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to retrieve the state of the Allow IAM Access billing preference",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetSellerOfRecord",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to retrieve the account's default Seller of Record",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "ListBillingViews",
 "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
@@ -11,6 +83,42 @@
 "resourceTypes": [],
 "conditionKeys": [],
 "dependentActions": []
+ },
+ {
+ "name": "PutContractInformation",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to set the account's contract information end-user organization names and if the account is used to service public-sector customers",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "RedeemCredits",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to redeem an AWS credit",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdateBillingPreferences",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to update billing preferences such as reserved instance, savings plans and credits sharing",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdateIAMAccessPreference",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to update the Allow IAM Access billing preference",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
 }
 ]
 }
\ No newline at end of file
diff --git a/src/data/iam-services/aws-clean-rooms.json b/src/data/iam-services/aws-clean-rooms.json
new file mode 100644
index 0000000..e424be7
--- /dev/null
+++ b/src/data/iam-services/aws-clean-rooms.json
@@ -0,0 +1,414 @@
+{
+ "serviceName": "AWS Clean Rooms",
+ "servicePrefix": "cleanrooms",
+ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awscleanrooms.html",
+ "actions": [
+ {
+ "name": "BatchGetSchema",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_BatchGetSchema.html",
+ "description": "Grants permission to view details for schemas",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "Collaboration*",
+ "ConfiguredTableAssociation*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": [
+ "cleanrooms:GetSchema"
+ ]
+ },
+ {
+ "name": "CreateCollaboration",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateCollaboration.html",
+ "description": "Grants permission to create a new collaboration, a shared data collaboration environment",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "CreateConfiguredTable",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredTable.html",
+ "description": "Grants permission to create a new configured table",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": [
+ "glue:BatchGetPartition",
+ "glue:GetDatabase",
+ "glue:GetDatabases",
+ "glue:GetPartition",
+ "glue:GetPartitions",
+ "glue:GetSchemaVersion",
+ "glue:GetTable",
+ "glue:GetTables"
+ ]
+ },
+ {
+ "name": "CreateConfiguredTableAnalysisRule",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredTableAnalysisRule.html",
+ "description": "Grants permission to create a analysis rule for a configured table",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTable*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "CreateConfiguredTableAssociation",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateConfiguredTableAssociation.html",
+ "description": "Grants permission to link a configured table with a collaboration by creating a new association",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTable*",
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": [
+ "iam:PassRole"
+ ]
+ },
+ {
+ "name": "CreateMembership",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateMembership.html",
+ "description": "Grants permission to join collaborations by creating a membership",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": [
+ "logs:CreateLogDelivery",
+ "logs:CreateLogGroup",
+ "logs:DeleteLogDelivery",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:PutResourcePolicy",
+ "logs:UpdateLogDelivery"
+ ]
+ },
+ {
+ "name": "DeleteCollaboration",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteCollaboration.html",
+ "description": "Grants permission to delete an existing collaboration",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeleteConfiguredTable",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredTable.html",
+ "description": "Grants permission to delete a configured table",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTable*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeleteConfiguredTableAnalysisRule",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredTableAnalysisRule.html",
+ "description": "Grants permission to delete an existing analysis rule",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTable*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeleteConfiguredTableAssociation",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteConfiguredTableAssociation.html",
+ "description": "Grants permission to remove a configured table association from a collaboration",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTableAssociation*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeleteMember",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteMember.html",
+ "description": "Grants permission to delete members from a collaboration",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeleteMembership",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_DeleteMembership.html",
+ "description": "Grants permission to leave collaborations by deleting a membership",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetCollaboration",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetCollaboration.html",
+ "description": "Grants permission to view details for a collaboration",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetConfiguredTable",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredTable.html",
+ "description": "Grants permission to view details for a configured table",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "ConfiguredTable*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetConfiguredTableAnalysisRule",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredTableAnalysisRule.html",
+ "description": "Grants permission to view analysis rules for a configured table",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "ConfiguredTable*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetConfiguredTableAssociation",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetConfiguredTableAssociation.html",
+ "description": "Grants permission to view details for a configured table association",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "ConfiguredTableAssociation*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetMembership",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetMembership.html",
+ "description": "Grants permission to view details about a membership",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetProtectedQuery",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetProtectedQuery.html",
+ "description": "Grants permission to view a protected query",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetSchema",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetSchema.html",
+ "description": "Grants permission to view details for a schema",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "Collaboration*",
+ "ConfiguredTableAssociation*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetSchemaAnalysisRule",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_GetSchemaAnalysisRule.html",
+ "description": "Grants permission to view analysis rules associated with a schema",
+ "accessLevel": "Read",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListCollaborations",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListCollaborations.html",
+ "description": "Grants permission to list available collaborations",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListConfiguredTableAssociations",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListConfiguredTableAssociations.html",
+ "description": "Grants permission to list available configured table associations for a membership",
+ "accessLevel": "List",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListConfiguredTables",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListConfiguredTables.html",
+ "description": "Grants permission to list available configured tables",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListMembers",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListMembers.html",
+ "description": "Grants permission to list the members of a collaboration",
+ "accessLevel": "List",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListMemberships",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListMemberships.html",
+ "description": "Grants permission to list available memberships",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListProtectedQueries",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListProtectedQueries.html",
+ "description": "Grants permission to list protected queries",
+ "accessLevel": "List",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListSchemas",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_ListSchemas.html",
+ "description": "Grants permission to view available schemas for a collaboration",
+ "accessLevel": "List",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "StartProtectedQuery",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_StartProtectedQuery.html",
+ "description": "Grants permission to start protected queries",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": [
+ "cleanrooms:GetSchema",
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:PutObject"
+ ]
+ },
+ {
+ "name": "UpdateCollaboration",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateCollaboration.html",
+ "description": "Grants permission to update details of the collaboration",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Collaboration*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdateConfiguredTable",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredTable.html",
+ "description": "Grants permission to update an existing configured table",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTable*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdateConfiguredTableAnalysisRule",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredTableAnalysisRule.html",
+ "description": "Grants permission to update analysis rules for a configured table",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTable*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdateConfiguredTableAssociation",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateConfiguredTableAssociation.html",
+ "description": "Grants permission to update a configured table association",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "ConfiguredTableAssociation*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": [
+ "iam:PassRole"
+ ]
+ },
+ {
+ "name": "UpdateMembership",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateMembership.html",
+ "description": "Grants permission to update details of a membership",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": [
+ "logs:CreateLogDelivery",
+ "logs:CreateLogGroup",
+ "logs:DeleteLogDelivery",
+ "logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:PutResourcePolicy",
+ "logs:UpdateLogDelivery"
+ ]
+ },
+ {
+ "name": "UpdateProtectedQuery",
+ "documentationUrl": "https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_UpdateProtectedQuery.html",
+ "description": "Grants permission to update protected queries",
+ "accessLevel": "Write",
+ "resourceTypes": [
+ "Membership*"
+ ],
+ "conditionKeys": [],
+ "dependentActions": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/data/iam-services/aws-cloudtrail.json b/src/data/iam-services/aws-cloudtrail.json
index aca0b6f..28fbef3 100644
--- a/src/data/iam-services/aws-cloudtrail.json
+++ b/src/data/iam-services/aws-cloudtrail.json
@@ -6,7 +6,7 @@ { "name": "AddTags", "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AddTags.html", - "description": "Grants permission to add one or more tags to a trail, up to a limit of 10", + "description": "Grants permission to add one or more tags to a trail or event data store, up to a limit of 50", "accessLevel": "Tagging", "resourceTypes": [ "eventdatastore", @@ -23,7 +23,9 @@ "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CancelQuery.html", "description": "Grants permission to cancel a running query", "accessLevel": "Write", - "resourceTypes": [], + "resourceTypes": [ + "eventdatastore*" + ], "conditionKeys": [], "dependentActions": [] }, @@ -39,7 +41,14 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependentActions": [] + "dependentActions": [ + "cloudtrail:AddTags", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "kms:Decrypt", + "kms:GenerateDataKey", + "organizations:ListAWSServiceAccessForOrganization" + ] }, { "name": "CreateServiceLinkedChannel", @@ -65,7 +74,10 @@ "aws:TagKeys" ], "dependentActions": [ - "s3:PutObject" + "cloudtrail:AddTags", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization" ] }, { @@ -108,14 +120,19 @@ "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "organizations:DeregisterDelegatedAdministrator", + "organizations:ListAWSServiceAccessForOrganization" + ] }, { "name": "DescribeQuery", "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeQuery.html", "description": "Grants permission to list details for the query", "accessLevel": "Read", - "resourceTypes": [], + "resourceTypes": [ + "eventdatastore*" + ], "conditionKeys": [], "dependentActions": [] }, 
@@ -128,12 +145,25 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "GetChannel", + "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetChannel.html", + "description": "Grants permission to return information about a specific channel", + "accessLevel": "Read", + "resourceTypes": [ + "channel*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "GetEventDataStore", "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventDataStore.html", "description": "Grants permission to list settings for the event data store", "accessLevel": "Read", - "resourceTypes": [], + "resourceTypes": [ + "eventdatastore*" + ], "conditionKeys": [], "dependentActions": [] }, @@ -148,6 +178,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "GetImport", + "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetImport.html", + "description": "Grants permission to return information about a specific import", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "GetInsightSelectors", "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetInsightSelectors.html", @@ -164,9 +203,14 @@ "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetQueryResults.html", "description": "Grants permission to fetch results of a complete query", "accessLevel": "Read", - "resourceTypes": [], + "resourceTypes": [ + "eventdatastore*" + ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ] }, { "name": "GetServiceLinkedChannel", 
@@ -184,7 +228,9 @@ "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetTrail.html", "description": "Grants permission to list settings for the trail", "accessLevel": "Read", - "resourceTypes": [], + "resourceTypes": [ + "trail*" + ], "conditionKeys": [], "dependentActions": [] }, @@ -199,6 +245,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ListChannels", + "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListChannels.html", + "description": "Grants permission to list the channels in the current account, and their source names", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "ListEventDataStores", "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListEventDataStores.html", @@ -208,6 +263,24 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ListImportFailures", + "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImportFailures.html", + "description": "Grants permission to return a list of failures for the specified import", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListImports", + "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImports.html", + "description": "Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "ListPublicKeys", "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListPublicKeys.html", 
@@ -222,7 +295,9 @@ "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListQueries.html", "description": "Grants permission to list queries associated with an event data store", "accessLevel": "List", - "resourceTypes": [], + "resourceTypes": [ + "eventdatastore*" + ], "conditionKeys": [], "dependentActions": [] }, @@ -294,7 +369,12 @@ "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:RegisterDelegatedAdministrator" + ] }, { "name": "RemoveTags", @@ -321,6 +401,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "StartImport", + "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartImport.html", + "description": "Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "StartLogging", "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartLogging.html", @@ -337,6 +426,20 @@ "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartQuery.html", "description": "Grants permission to start a new query on a specified event data store", "accessLevel": "Write", + "resourceTypes": [ + "eventdatastore*" + ], + "conditionKeys": [], + "dependentActions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ] + }, + { + "name": "StopImport", + "documentationUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopImport.html", + "description": "Grants permission to stop a specified import", + "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] 
@@ -361,7 +464,13 @@ "eventdatastore*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "kms:Decrypt", + "kms:GenerateDataKey", + "organizations:ListAWSServiceAccessForOrganization" + ] }, { "name": "UpdateServiceLinkedChannel", @@ -383,7 +492,11 @@ "trail*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization" + ] } ] } \ No newline at end of file diff --git a/src/data/iam-services/aws-consolidated-billing.json b/src/data/iam-services/aws-consolidated-billing.json new file mode 100644 index 0000000..ddca081 --- /dev/null +++ b/src/data/iam-services/aws-consolidated-billing.json @@ -0,0 +1,25 @@ +{ + "serviceName": "AWS Consolidated Billing", + "servicePrefix": "consolidatedbilling", + "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsconsolidatedbilling.html", + "actions": [ + { + "name": "GetAccountBillingRole", + "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", + "description": "Grants permission to get account role (Payer, Linked, Regular)", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListLinkedAccounts", + "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html", + "description": "Grants permission to get list of member/linked accounts", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + } + ] +} \ No newline at end of file diff --git a/src/data/iam-services/aws-cost-and-usage-report.json b/src/data/iam-services/aws-cost-and-usage-report.json index 8a8daa3..040d808 100644 --- a/src/data/iam-services/aws-cost-and-usage-report.json +++ b/src/data/iam-services/aws-cost-and-usage-report.json 
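Review bot: In the new `aws-consolidated-billing.json`, the `url` value contains a `/./` dot-segment (`.../latest/reference/./list_awsconsolidatedbilling.html`). Browsers normalise it, but link checkers and any code that compares or allow-lists the URL as a string will see a path that differs from the canonical one. Suggest `"url": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsconsolidatedbilling.html",`. The same segment appears in the `url` of the new `aws-free-tier.json` and `aws-identity-and-access-management.json` files later in this patch.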
@@ -23,6 +23,33 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "GetClassicReport", + "documentationUrl": "${AuthZDocPage}", + "description": "Grants permission to get Bills CSV report", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetClassicReportPreferences", + "documentationUrl": "${AuthZDocPage}", + "description": "Grants permission to get the classic report enablement status for Usage Reports", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetUsageReport", + "documentationUrl": "${AuthZDocPage}", + "description": "Grants permission to get list of AWS services, usage type and operation for the Usage Report workflow. Allows or denies download of usage reports too", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "ModifyReportDefinition", "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_cur_ModifyReportDefinition.html", @@ -34,6 +61,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "PutClassicReportPreferences", + "documentationUrl": "${AuthZDocPage}", + "description": "Grants permission to enable classic reports", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "PutReportDefinition", "documentationUrl": "https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_cur_PutReportDefinition.html", @@ -44,6 +80,15 @@ ], "conditionKeys": [], "dependentActions": [] + }, + { + "name": "ValidateReportDestination", + "documentationUrl": "${AuthZDocPage}", + "description": "Grants permission to validates if the s3 bucket exists with appropriate permissions for CUR delivery", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] } ] } \ No newline at end of file 
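Review bot: The added `GetClassicReport`, `GetClassicReportPreferences` and `GetUsageReport` entries carry `"documentationUrl": "${AuthZDocPage}"`, which is an unresolved template placeholder rather than a URL. The same value is on `PutClassicReportPreferences` and `ValidateReportDestination` in the two later hunks of this file. A consumer that renders this field as a link will emit a broken target, so either resolve it to the real documentation page or omit the key for these actions until one is known. A validation step that rejects any `documentationUrl` not starting with `https://` would stop this class of value from landing again. Separately, the `ValidateReportDestination` description reads "Grants permission to validates"; `validate` is meant.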
diff --git a/src/data/iam-services/aws-database-migration-service.json b/src/data/iam-services/aws-database-migration-service.json index 7ce83ba..4207b7f 100644 --- a/src/data/iam-services/aws-database-migration-service.json +++ b/src/data/iam-services/aws-database-migration-service.json @@ -1069,6 +1069,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "UpdateSubscriptionsToEventBridge", + "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/API_UpdateSubscriptionsToEventBridge.html", + "description": "Grants permission to migrate DMS subcriptions to Eventbridge", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "UploadFileMetadataList", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", diff --git a/src/data/iam-services/aws-free-tier.json b/src/data/iam-services/aws-free-tier.json new file mode 100644 index 0000000..8210da0 --- /dev/null +++ b/src/data/iam-services/aws-free-tier.json 
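Review bot: The description of the new `UpdateSubscriptionsToEventBridge` action misspells "subscriptions" and writes the service name as "Eventbridge". Suggest `"description": "Grants permission to migrate DMS subscriptions to EventBridge",`. If the text is copied from an upstream reference, the correction presumably belongs in the import step so that the next update does not revert it.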
@@ -0,0 +1,34 @@
+{
+ "serviceName": "AWS Free Tier",
+ "servicePrefix": "freetier",
+ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsfreetier.html",
+ "actions": [
+ {
+ "name": "GetFreeTierAlertPreference",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/tracking-free-tier-usage.html",
+ "description": "Allow or deny IAM users permission to get free tier alert preference (email address)",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetFreeTierUsage",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/tracking-free-tier-usage.html",
+ "description": "Allow or deny IAM users permission to get free tier usage limits and MTD usage status",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "PutFreeTierAlertPreference",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/tracking-free-tier-usage.html",
+ "description": "Allow or deny IAM users permission to set free tier alert preference (email address)",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/data/iam-services/aws-identity-and-access-management.json b/src/data/iam-services/aws-identity-and-access-management.json
new file mode 100644
index 0000000..76f005b
--- /dev/null
+++ b/src/data/iam-services/aws-identity-and-access-management.json
@@ -0,0 +1,1931 @@ +{ + "serviceName": "AWS Identity and Access Management", + "servicePrefix": "iam", + "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsidentityandaccessmanagement.html", + "actions": [ + { + "name": "AddClientIDToOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html", + "description": "Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "AddRoleToInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html", + "description": "Grants permission to add an IAM role to the specified instance profile", + "accessLevel": "Write", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [ + "iam:PassRole" + ] + }, + { + "name": "AddUserToGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html", + "description": "Grants permission to add an IAM user to the specified IAM group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "AttachGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html", + "description": "Grants permission to attach a managed policy to the specified IAM group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [ + "iam:PolicyARN" + ], + "dependentActions": [] + }, + { + "name": "AttachRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html", + "description": "Grants permission to attach a 
managed policy to the specified IAM role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "AttachUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html", + "description": "Grants permission to attach a managed policy to the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "ChangePassword", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html", + "description": "Grants permission for an IAM user to change their own password", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateAccessKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html", + "description": "Grants permission to create access key and secret access key for the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateAccountAlias", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html", + "description": "Grants permission to create an alias for your AWS account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html", + "description": "Grants permission to create a new group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateInstanceProfile", + 
"documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html", + "description": "Grants permission to create a new instance profile", + "accessLevel": "Write", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html", + "description": "Grants permission to create a password for the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html", + "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreatePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html", + "description": "Grants permission to create a new managed policy", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreatePolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html", + "description": "Grants permission to create a new version of the specified managed policy", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateRole", + "documentationUrl": 
"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html", + "description": "Grants permission to create a new role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html", + "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0", + "accessLevel": "Write", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateServiceLinkedRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html", + "description": "Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:AWSServiceName" + ], + "dependentActions": [] + }, + { + "name": "CreateServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html", + "description": "Grants permission to create a new service-specific credential for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html", + "description": "Grants permission to create a new IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateVirtualMFADevice", + 
"documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateVirtualMFADevice.html", + "description": "Grants permission to create a new virtual MFA device", + "accessLevel": "Write", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "DeactivateMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html", + "description": "Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteAccessKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html", + "description": "Grants permission to delete the access key pair that is associated with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteAccountAlias", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html", + "description": "Grants permission to delete the specified AWS account alias", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteAccountPasswordPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountPasswordPolicy.html", + "description": "Grants permission to delete the password policy for the AWS account", + "accessLevel": "Permissions management", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + 
"description": "Grants permission to delete an existing CloudFront public key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html", + "description": "Grants permission to delete the specified IAM group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html", + "description": "Grants permission to delete the specified inline policy from its group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html", + "description": "Grants permission to delete the specified instance profile", + "accessLevel": "Write", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html", + "description": "Grants permission to delete the password for the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteOpenIDConnectProvider.html", + "description": "Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeletePolicy", + 
"documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html", + "description": "Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeletePolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html", + "description": "Grants permission to delete a version from the specified managed policy", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRole.html", + "description": "Grants permission to delete the specified role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteRolePermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html", + "description": "Grants permission to remove the permissions boundary from a role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html", + "description": "Grants permission to delete the specified inline policy from the specified role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteSAMLProvider", + "documentationUrl": 
"https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSAMLProvider.html", + "description": "Grants permission to delete a SAML provider resource in IAM", + "accessLevel": "Write", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteSSHPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html", + "description": "Grants permission to delete the specified SSH public key", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html", + "description": "Grants permission to delete the specified server certificate", + "accessLevel": "Write", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteServiceLinkedRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html", + "description": "Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html", + "description": "Grants permission to delete the specified service-specific credential for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteSigningCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html", + "description": "Grants permission to delete a signing certificate that 
is associated with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html", + "description": "Grants permission to delete the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteUserPermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html", + "description": "Grants permission to remove the permissions boundary from the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html", + "description": "Grants permission to delete the specified inline policy from an IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteVirtualMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html", + "description": "Grants permission to delete a virtual MFA device", + "accessLevel": "Write", + "resourceTypes": [ + "mfa", + "sms-mfa" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DetachGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html", + "description": "Grants permission to detach a managed policy from the specified IAM group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [ + "iam:PolicyARN" + ], + 
"dependentActions": [] + }, + { + "name": "DetachRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html", + "description": "Grants permission to detach a managed policy from the specified role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DetachUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html", + "description": "Grants permission to detach a managed policy from the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "EnableMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html", + "description": "Grants permission to enable an MFA device and associate it with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GenerateCredentialReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html", + "description": "Grants permission to generate a credential report for the AWS account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GenerateOrganizationsAccessReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html", + "description": "Grants permission to generate an access report for an AWS Organizations entity", + "accessLevel": "Read", + "resourceTypes": [ + "access-report*" + ], + "conditionKeys": [ + "iam:OrganizationsPolicyId" + ], + "dependentActions": [ + 
"organizations:DescribePolicy", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListTargetsForPolicy" + ] + }, + { + "name": "GenerateServiceLastAccessedDetails", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html", + "description": "Grants permission to generate a service last accessed data report for an IAM resource", + "accessLevel": "Read", + "resourceTypes": [ + "group*", + "policy*", + "role*", + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccessKeyLastUsed", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html", + "description": "Grants permission to retrieve information about when the specified access key was last used", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountAuthorizationDetails", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html", + "description": "Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountEmailAddress", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to retrieve the email address that is associated with the account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountName", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to 
retrieve the account name that is associated with the account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountPasswordPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html", + "description": "Grants permission to retrieve the password policy for the AWS account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountSummary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html", + "description": "Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to retrieve information about the specified CloudFront public key", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetContextKeysForCustomPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html", + "description": "Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetContextKeysForPrincipalPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html", + "description": "Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)", + 
"accessLevel": "Read", + "resourceTypes": [ + "group", + "role", + "user" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetCredentialReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html", + "description": "Grants permission to retrieve a credential report for the AWS account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroup.html", + "description": "Grants permission to retrieve a list of IAM users in the specified IAM group", + "accessLevel": "Read", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html", + "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM group", + "accessLevel": "Read", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html", + "description": "Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role", + "accessLevel": "Read", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetLoginProfile.html", + "description": "Grants permission to retrieve the user name and password creation date for the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": 
"GetOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html", + "description": "Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM", + "accessLevel": "Read", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetOrganizationsAccessReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html", + "description": "Grants permission to retrieve an AWS Organizations access report", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html", + "description": "Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached", + "accessLevel": "Read", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetPolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html", + "description": "Grants permission to retrieve information about a version of the specified managed policy, including the policy document", + "accessLevel": "Read", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html", + "description": "Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy", + "accessLevel": "Read", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetRolePolicy", + 
"documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html", + "description": "Grants permission to retrieve an inline policy document that is embedded with the specified IAM role", + "accessLevel": "Read", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html", + "description": "Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated", + "accessLevel": "Read", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetSSHPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html", + "description": "Grants permission to retrieve the specified SSH public key, including metadata about the key", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html", + "description": "Grants permission to retrieve information about the specified server certificate stored in IAM", + "accessLevel": "Read", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServiceLastAccessedDetails", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html", + "description": "Grants permission to retrieve information about the service last accessed data report", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServiceLastAccessedDetailsWithEntities", + "documentationUrl": 
"https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html", + "description": "Grants permission to retrieve information about the entities from the service last accessed data report", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServiceLinkedRoleDeletionStatus", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html", + "description": "Grants permission to retrieve an IAM service-linked role deletion status", + "accessLevel": "Read", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html", + "description": "Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html", + "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM user", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAccessKeys", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html", + "description": "Grants permission to list information about the access key IDs that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAccountAliases", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html", + "description": 
"Grants permission to list the account alias that is associated with the AWS account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAttachedGroupPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html", + "description": "Grants permission to list all managed policies that are attached to the specified IAM group", + "accessLevel": "List", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAttachedRolePolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html", + "description": "Grants permission to list all managed policies that are attached to the specified IAM role", + "accessLevel": "List", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAttachedUserPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html", + "description": "Grants permission to list all managed policies that are attached to the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListCloudFrontPublicKeys", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to list all current CloudFront public keys for the account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListEntitiesForPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html", + "description": "Grants permission to list all IAM identities to which the specified managed policy is attached", + "accessLevel": "List", + 
"resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListGroupPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM group", + "accessLevel": "List", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListGroups", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html", + "description": "Grants permission to list the IAM groups that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListGroupsForUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html", + "description": "Grants permission to list the IAM groups that the specified IAM user belongs to", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListInstanceProfileTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfileTags.html", + "description": "Grants permission to list the tags that are attached to the specified instance profile", + "accessLevel": "List", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListInstanceProfiles", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html", + "description": "Grants permission to list the instance profiles that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListInstanceProfilesForRole", + "documentationUrl": 
"https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfilesForRole.html", + "description": "Grants permission to list the instance profiles that have the specified associated IAM role", + "accessLevel": "List", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListMFADeviceTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html", + "description": "Grants permission to list the tags that are attached to the specified virtual mfa device", + "accessLevel": "List", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListMFADevices", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html", + "description": "Grants permission to list the MFA devices for an IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListOpenIDConnectProviderTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviderTags.html", + "description": "Grants permission to list the tags that are attached to the specified OpenID Connect provider", + "accessLevel": "List", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListOpenIDConnectProviders", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html", + "description": "Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html", + "description": "Grants permission to list all 
managed policies", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPoliciesGrantingServiceAccess", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html", + "description": "Grants permission to list information about the policies that grant an entity access to a specific service", + "accessLevel": "List", + "resourceTypes": [ + "group*", + "role*", + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPolicyTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyTags.html", + "description": "Grants permission to list the tags that are attached to the specified managed policy", + "accessLevel": "List", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPolicyVersions", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html", + "description": "Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version", + "accessLevel": "List", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListRolePolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM role", + "accessLevel": "List", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListRoleTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoleTags.html", + "description": "Grants permission to list the tags that are attached to the specified IAM role", + "accessLevel": "List", + "resourceTypes": [ 
+ "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListRoles", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html", + "description": "Grants permission to list the IAM roles that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSAMLProviderTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviderTags.html", + "description": "Grants permission to list the tags that are attached to the specified SAML provider", + "accessLevel": "List", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSAMLProviders", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html", + "description": "Grants permission to list the SAML provider resources in IAM", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSSHPublicKeys", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html", + "description": "Grants permission to list information about the SSH public keys that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSTSRegionalEndpointsStatus", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html", + "description": "Grants permission to list the status of all active STS regional endpoints", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListServerCertificateTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificateTags.html", + "description": 
"Grants permission to list the tags that are attached to the specified server certificate", + "accessLevel": "List", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListServerCertificates", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html", + "description": "Grants permission to list the server certificates that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListServiceSpecificCredentials", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html", + "description": "Grants permission to list the service-specific credentials that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSigningCertificates", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSigningCertificates.html", + "description": "Grants permission to list information about the signing certificates that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListUserPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListUserTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserTags.html", + "description": "Grants permission to list the tags that are attached to the specified IAM user", + 
"accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListUsers", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html", + "description": "Grants permission to list the IAM users that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListVirtualMFADevices", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html", + "description": "Grants permission to list virtual MFA devices by assignment status", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "PassRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html", + "description": "Grants permission to pass a role to a service", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:AssociatedResourceArn", + "iam:PassedToService" + ], + "dependentActions": [] + }, + { + "name": "PutGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "PutRolePermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html", + "description": "Grants permission to set a managed policy as a permissions boundary for a role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "PutRolePolicy", + "documentationUrl": 
"https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "PutUserPermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html", + "description": "Grants permission to set a managed policy as a permissions boundary for an IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "PutUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "RemoveClientIDFromOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveClientIDFromOpenIDConnectProvider.html", + "description": "Grants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "RemoveRoleFromInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html", + "description": "Grants permission to remove an IAM role from the specified EC2 instance profile", + "accessLevel": "Write", + "resourceTypes": [ + 
"instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "RemoveUserFromGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html", + "description": "Grants permission to remove an IAM user from the specified group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ResetServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html", + "description": "Grants permission to reset the password for an existing service-specific credential for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ResyncMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResyncMFADevice.html", + "description": "Grants permission to synchronize the specified MFA device with its IAM entity (user or role)", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SetDefaultPolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html", + "description": "Grants permission to set the version of the specified policy as the policy's default version", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SetSTSRegionalEndpointStatus", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html", + "description": "Grants permission to activate or deactivate an STS regional endpoint", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SetSecurityTokenServicePreferences", + 
"documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html", + "description": "Grants permission to set the STS global endpoint token version", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SimulateCustomPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html", + "description": "Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SimulatePrincipalPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html", + "description": "Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources", + "accessLevel": "Read", + "resourceTypes": [ + "group", + "role", + "user" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "TagInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagInstanceProfile.html", + "description": "Grants permission to add tags to an instance profile", + "accessLevel": "Tagging", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagMFADevice.html", + "description": "Grants permission to add tags to a virtual mfa device", + "accessLevel": "Tagging", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": 
"TagOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagOpenIDConnectProvider.html", + "description": "Grants permission to add tags to an OpenID Connect provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagPolicy.html", + "description": "Grants permission to add tags to a managed policy", + "accessLevel": "Tagging", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagRole.html", + "description": "Grants permission to add tags to an IAM role", + "accessLevel": "Tagging", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagSAMLProvider.html", + "description": "Grants permission to add tags to a SAML Provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagServerCertificate.html", + "description": "Grants permission to add tags to a server certificate", + "accessLevel": "Tagging", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagUser", + "documentationUrl": 
"https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagUser.html", + "description": "Grants permission to add tags to an IAM user", + "accessLevel": "Tagging", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "UntagInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagInstanceProfile.html", + "description": "Grants permission to remove the specified tags from the instance profile", + "accessLevel": "Tagging", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagMFADevice.html", + "description": "Grants permission to remove the specified tags from the virtual mfa device", + "accessLevel": "Tagging", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagOpenIDConnectProvider.html", + "description": "Grants permission to remove the specified tags from the OpenID Connect provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagPolicy.html", + "description": "Grants permission to remove the specified tags from the managed policy", + "accessLevel": "Tagging", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagRole.html", + "description": "Grants permission to remove the specified tags 
from the role", + "accessLevel": "Tagging", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagSAMLProvider.html", + "description": "Grants permission to remove the specified tags from the SAML Provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagServerCertificate.html", + "description": "Grants permission to remove the specified tags from the server certificate", + "accessLevel": "Tagging", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagUser.html", + "description": "Grants permission to remove the specified tags from the user", + "accessLevel": "Tagging", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UpdateAccessKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html", + "description": "Grants permission to update the status of the specified access key as Active or Inactive", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateAccountEmailAddress", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to update the email address that is associated with the account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": 
"UpdateAccountName", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to update the account name that is associated with the account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateAccountPasswordPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html", + "description": "Grants permission to update the password policy settings for the AWS account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateAssumeRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html", + "description": "Grants permission to update the policy that grants an IAM entity permission to assume a role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to update an existing CloudFront public key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateGroup.html", + "description": "Grants permission to update the name or path of the specified IAM group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html", + "description": "Grants permission to change the password for the specified 
IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateOpenIDConnectProviderThumbprint", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateOpenIDConnectProviderThumbprint.html", + "description": "Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html", + "description": "Grants permission to update the description or maximum session duration setting of a role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateRoleDescription", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRoleDescription.html", + "description": "Grants permission to update only the description of a role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSAMLProvider.html", + "description": "Grants permission to update the metadata document for an existing SAML provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateSSHPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSSHPublicKey.html", + "description": "Grants permission to update the status of an IAM user's SSH public key to active or inactive", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], 
+ "dependentActions": [] + }, + { + "name": "UpdateServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServerCertificate.html", + "description": "Grants permission to update the name or the path of the specified server certificate stored in IAM", + "accessLevel": "Write", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServiceSpecificCredential.html", + "description": "Grants permission to update the status of a service-specific credential to active or inactive for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateSigningCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSigningCertificate.html", + "description": "Grants permission to update the status of the specified user signing certificate to active or disabled", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateUser.html", + "description": "Grants permission to update the name or the path of the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UploadCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to upload a CloudFront public key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UploadSSHPublicKey", + "documentationUrl": 
"https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSSHPublicKey.html", + "description": "Grants permission to upload an SSH public key and associate it with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UploadServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadServerCertificate.html", + "description": "Grants permission to upload a server certificate entity for the AWS account", + "accessLevel": "Write", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "UploadSigningCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSigningCertificate.html", + "description": "Grants permission to upload an X.509 signing certificate and associate it with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + } + ] +} \ No newline at end of file diff --git a/src/data/iam-services/aws-invoicing-service.json b/src/data/iam-services/aws-invoicing-service.json new file mode 100644 index 0000000..e6d59a2 --- /dev/null +++ b/src/data/iam-services/aws-invoicing-service.json 
@@ -0,0 +1,43 @@
+{
+ "serviceName": "AWS Invoicing Service",
+ "servicePrefix": "invoicing",
+ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsinvoicingservice.html",
+ "actions": [
+ {
+ "name": "GetInvoiceEmailDeliveryPreferences",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to get Invoice Email Delivery Preferences",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetInvoicePDF",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to get Invoice PDF",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListInvoiceSummaries",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to get Invoice summary information for your account or linked account",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "PutInvoiceEmailDeliveryPreferences",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Grants permission to put Invoice Email Delivery Preferences",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/data/iam-services/aws-launch-wizard.json b/src/data/iam-services/aws-launch-wizard.json
new file mode 100644
index 0000000..e3eeff0
--- /dev/null
+++ b/src/data/iam-services/aws-launch-wizard.json
@@ -0,0 +1,79 @@
+{
+ "serviceName": "AWS Launch Wizard",
+ "servicePrefix": "launchwizard",
+ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awslaunchwizard.html",
+ "actions": [
+ {
+ "name": "DeleteApp",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to delete an application",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DescribeProvisionedApp",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to describe provisioning applications",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DescribeProvisioningEvents",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to describe provisioning events",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetInfrastructureSuggestion",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to get infrastructure suggestion",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetIpAddress",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to get customer's ip address",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetResourceCostEstimate",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to get resource cost estimate",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListProvisionedApps",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to list provisioning applications",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "StartProvisioning",
+ "documentationUrl": "https://docs.aws.amazon.com/launchwizard/",
+ "description": "Grants permission to start a provisioning",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/data/iam-services/aws-payments.json b/src/data/iam-services/aws-payments.json
new file mode 100644
index 0000000..ce15f2a
--- /dev/null
+++ b/src/data/iam-services/aws-payments.json
@@ -0,0 +1,70 @@
+{
+ "serviceName": "AWS Payments",
+ "servicePrefix": "payments",
+ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awspayments.html",
+ "actions": [
+ {
+ "name": "CreatePaymentInstrument",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to create a payment instrument",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeletePaymentInstrument",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to delete a payment instrument",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetPaymentInstrument",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to get information about a payment instrument",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetPaymentStatus",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to get payment status of invoices",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListPaymentPreferences",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to get payment preferences (preferred payment currency, preferred payment method, etc.)",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "MakePayment",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to make a payment, authenticate a payment, verify a payment method, and generate a funding request document for Advance Pay",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdatePaymentPreferences",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to update payment preferences (preferred payment currency, preferred payment method, etc.)",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/data/iam-services/aws-purchase-orders-console.json b/src/data/iam-services/aws-purchase-orders-console.json
index a5bb69d..40e9575 100644
--- a/src/data/iam-services/aws-purchase-orders-console.json
+++ b/src/data/iam-services/aws-purchase-orders-console.json
@@ -3,10 +3,73 @@
 "servicePrefix": "purchase-orders",
 "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awspurchaseordersconsole.html",
 "actions": [
+ {
+ "name": "AddPurchaseOrder",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Allow or deny IAM users permission to add a new purchase order",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeletePurchaseOrder",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Allow or deny IAM users permission to delete a purchase order",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "GetPurchaseOrder",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Allow or deny IAM users permission to get a purchase order",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListPurchaseOrderInvoices",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Allow or deny IAM users permission to list purchase order invoices",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListPurchaseOrders",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Allow or deny IAM users permission to get all available purchase orders",
+ "accessLevel": "List",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "ModifyPurchaseOrders",
 "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
- "description": "Modify purchase orders and details",
+ "description": "Grants permission to modify purchase orders and details",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdatePurchaseOrder",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Allow or deny IAM users permission to update an existing purchase order",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "UpdatePurchaseOrderStatus",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "description": "Allow or deny IAM users permission to set purchase order status",
 "accessLevel": "Write",
 "resourceTypes": [],
 "conditionKeys": [],
@@ -15,7 +78,7 @@
 {
 "name": "ViewPurchaseOrders",
 "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
- "description": "View purchase orders and details",
+ "description": "Grants permission to view purchase orders and details",
 "accessLevel": "Read",
 "resourceTypes": [],
 "conditionKeys": [],
diff --git a/src/data/iam-services/aws-tax-settings.json b/src/data/iam-services/aws-tax-settings.json
index 66e52b4..a53a15f 100644
--- a/src/data/iam-services/aws-tax-settings.json
+++ b/src/data/iam-services/aws-tax-settings.json
@@ -3,17 +3,45 @@
 "servicePrefix": "tax",
 "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awstaxsettings.html",
 "actions": [
+ {
+ "name": "BatchPutTaxRegistration",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to batch update tax registrations",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "DeleteTaxRegistration",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to delete tax registration data",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "GetExemptions",
- "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
 "description": "Grants permission to view tax exemptions data",
 "accessLevel": "Read",
 "resourceTypes": [],
 "conditionKeys": [],
 "dependentActions": []
 },
+ {
+ "name": "GetTaxInheritance",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to view tax inheritance status",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "GetTaxInterview",
+ "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/userguide/detailed-management-portal-permissions.html",
 "description": "Grants permission to retrieve tax interview data",
 "accessLevel": "Read",
 "resourceTypes": [],
@@ -22,14 +50,43 @@
 },
 {
 "name": "GetTaxRegistration",
+ "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/userguide/detailed-management-portal-permissions.html",
 "description": "Grants permission to view tax registrations data",
 "accessLevel": "Read",
 "resourceTypes": [],
 "conditionKeys": [],
 "dependentActions": []
 },
+ {
+ "name": "GetTaxRegistrationDocument",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to download tax registration documents",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "ListTaxRegistrations",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to view tax registrations",
+ "accessLevel": "Read",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
+ {
+ "name": "PutTaxInheritance",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
+ "description": "Grants permission to set tax inheritance",
+ "accessLevel": "Write",
+ "resourceTypes": [],
+ "conditionKeys": [],
+ "dependentActions": []
+ },
 {
 "name": "PutTaxInterview",
+ "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/userguide/detailed-management-portal-permissions.html",
 "description": "Grants permission to update tax interview data",
 "accessLevel": "Write",
 "resourceTypes": [],
@@ -38,6 +95,7 @@
 },
 {
 "name": "PutTaxRegistration",
+ "documentationUrl": "https://docs.aws.amazon.com/marketplace/latest/userguide/detailed-management-portal-permissions.html",
 "description": "Grants permission to update tax registrations data",
 "accessLevel": "Write",
 "resourceTypes": [],
@@ -46,7 +104,7 @@
 },
 {
 "name": "UpdateExemptions",
- "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions",
+ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html",
 "description": "Grants permission to update tax exemptions data",
 "accessLevel": "Write",
 "resourceTypes": [],