diff --git a/src/data/iam-services/amazon-cloudwatch-logs.json b/src/data/iam-services/amazon-cloudwatch-logs.json index f214b57..9674618 100644 --- a/src/data/iam-services/amazon-cloudwatch-logs.json +++ b/src/data/iam-services/amazon-cloudwatch-logs.json @@ -68,6 +68,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "DeleteAccountPolicy", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDataProtectionPolicy.html", + "description": "Grants permission to delete a data protection policy attached to an account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "DeleteDataProtectionPolicy", "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteDataProtectionPolicy.html", @@ -172,6 +181,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "DescribeAccountPolicies", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html", + "description": "Grants permission to retrieve a data protection policy attached to an account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "DescribeDestinations", "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeDestinations.html", @@ -382,6 +400,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "PutAccountPolicy", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html", + "description": "Grants permission to attach a data protection policy at account level to detect and redact sensitive information from log events", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "PutDataProtectionPolicy", "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html", diff --git a/src/data/iam-services/amazon-ec2.json b/src/data/iam-services/amazon-ec2.json index 25a284c..98d51d8 100644 --- a/src/data/iam-services/amazon-ec2.json +++ b/src/data/iam-services/amazon-ec2.json @@ -1506,6 +1506,35 @@ "ec2:CreateTags" ] }, + { + "name": "CreateInstanceConnectEndpoint", + "documentationUrl": "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceConnectEndpoint.html", + "description": "Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address", + "accessLevel": "Write", + "resourceTypes": [ + "instance-connect-endpoint*", + "subnet*", + "security-group" + ], + "conditionKeys": [ + "ec2:SubnetID", + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc", + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Region" + ], + "dependentActions": [ + "ec2:CreateTags" + ] + }, { "name": "CreateInstanceEventWindow", "documentationUrl": "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceEventWindow.html", @@ -2369,6 +2398,7 @@ "import-image-task", "import-snapshot-task", "instance", + "instance-connect-endpoint", "instance-event-window", "internet-gateway", "ipam", @@ -2514,6 +2544,9 @@ "ec2:Tenancy", "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", "aws:ResourceTag/${TagKey}", "ec2:InternetGatewayID", "ec2:ResourceTag/${TagKey}", @@ -3537,6 +3570,22 @@ ], "dependentActions": [] }, + { + "name": "DeleteInstanceConnectEndpoint", + "documentationUrl": "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteInstanceConnectEndpoint.html", + "description": "Grants permission to delete an EC2 Instance Connect Endpoint", + "accessLevel": "Write", + "resourceTypes": [ + "instance-connect-endpoint*" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Region" + ], + "dependentActions": [] + }, { "name": "DeleteInstanceEventWindow", "documentationUrl": "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteInstanceEventWindow.html", @@ -4119,6 +4168,7 @@ "import-image-task", "import-snapshot-task", "instance", + "instance-connect-endpoint", "instance-event-window", "internet-gateway", "ipam", @@ -4344,6 +4394,8 @@ "ec2:ResourceTag/${TagKey}", "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", "aws:TagKeys", "ec2:Region" ], @@ -5502,6 +5554,17 @@ ], "dependentActions": [] }, + { + "name": "DescribeInstanceConnectEndpoints", + "documentationUrl": "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceConnectEndpoints.html", + "description": "Grants permission to describe EC2 Instance Connect Endpoints", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [ + "ec2:Region" + ], + "dependentActions": [] + }, { "name": "DescribeInstanceCreditSpecifications", "documentationUrl": "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceCreditSpecifications.html", diff --git a/src/data/iam-services/amazon-kendra.json b/src/data/iam-services/amazon-kendra.json index 110d7e6..466aa44 100644 --- a/src/data/iam-services/amazon-kendra.json +++ b/src/data/iam-services/amazon-kendra.json @@ -619,6 +619,17 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "Retrieve", + "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_Retrieve.html", + "description": "Grants permission to retrieve relevant content from an index", + "accessLevel": "Read", + "resourceTypes": [ + "index*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "StartDataSourceSyncJob", "documentationUrl": "https://docs.aws.amazon.com/kendra/latest/dg/API_StartDataSourceSyncJob.html", diff --git a/src/data/iam-services/aws-appconfig.json b/src/data/iam-services/aws-appconfig.json index a3b1e7e..23d614d 100644 --- a/src/data/iam-services/aws-appconfig.json +++ b/src/data/iam-services/aws-appconfig.json @@ -400,7 +400,9 @@ "configurationprofile", "deployment", "deploymentstrategy", - "environment" + "environment", + "extension", + "extensionassociation" ], "conditionKeys": [ "aws:ResourceTag/${TagKey}" diff --git a/src/data/iam-services/aws-application-discovery-service.json b/src/data/iam-services/aws-application-discovery-service.json index 7be22c2..e9a50cd 100644 --- a/src/data/iam-services/aws-application-discovery-service.json +++ b/src/data/iam-services/aws-application-discovery-service.json @@ -54,13 +54,15 @@ "description": "Grants permission to DeleteTags API. DeleteTags deletes the association between configuration items and one or more tags. This API accepts a list of multiple configuration items", "accessLevel": "Tagging", "resourceTypes": [], - "conditionKeys": [], + "conditionKeys": [ + "aws:TagKeys" + ], "dependentActions": [] }, { "name": "DescribeAgents", "documentationUrl": "https://docs.aws.amazon.com/application-discovery/latest/APIReference/API_DescribeAgents.html", - "description": "Grants permission to DescribeAgents API. DescribeAgents lists agents or the Connector by ID or lists all agents/Connectors associated with your user account if you did not specify an ID", + "description": "Grants permission to DescribeAgents API. DescribeAgents lists agents or the Connector by ID or lists all agents/Connectors associated with your user if you did not specify an ID", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -78,7 +80,7 @@ { "name": "DescribeContinuousExports", "documentationUrl": "https://docs.aws.amazon.com/application-discovery/latest/APIReference/API_DescribeContinuousExports.html", - "description": "Grants permission to DescribeContinuousExports API. DescribeContinuousExports lists exports as specified by ID. All continuous exports associated with your user account can be listed if you call DescribeContinuousExports as is without passing any parameters", + "description": "Grants permission to DescribeContinuousExports API. DescribeContinuousExports lists exports as specified by ID. All continuous exports associated with your user can be listed if you call DescribeContinuousExports as is without passing any parameters", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -105,7 +107,7 @@ { "name": "DescribeImportTasks", "documentationUrl": "https://docs.aws.amazon.com/application-discovery/latest/APIReference/API_DescribeImportTasks.html", - "description": "Grants permission to DescribeImportTasks API. DescribeImportTasks returns an array of import tasks for your account, including status information, times, IDs, the Amazon S3 Object URL for the import file, and more", + "description": "Grants permission to DescribeImportTasks API. DescribeImportTasks returns an array of import tasks for your user, including status information, times, IDs, the Amazon S3 Object URL for the import file, and more", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], @@ -217,7 +219,9 @@ "discovery:AssociateConfigurationItemsToApplication", "discovery:CreateApplication", "discovery:CreateTags", - "discovery:ListConfigurations" + "discovery:GetDiscoverySummary", + "discovery:ListConfigurations", + "s3:GetObject" ] }, { diff --git a/src/data/iam-services/aws-application-migration-service.json b/src/data/iam-services/aws-application-migration-service.json index d52f87f..856a7c0 100644 --- a/src/data/iam-services/aws-application-migration-service.json +++ b/src/data/iam-services/aws-application-migration-service.json @@ -517,6 +517,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ListManagedAccounts", + "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_ListManagedAccounts.html", + "description": "Grants permission to list managed accounts", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "ListSourceServerActions", "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_ListSourceServerActions.html", @@ -623,6 +632,17 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "PauseReplication", + "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_PauseReplication.html", + "description": "Grants permission to pause replication", + "accessLevel": "Write", + "resourceTypes": [ + "SourceServerResource*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "PutSourceServerAction", "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_PutSourceServerAction.html", @@ -679,6 +699,17 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ResumeReplication", + "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_ResumeReplication.html", + "description": "Grants permission to resume replication", + "accessLevel": "Write", + "resourceTypes": [ + "SourceServerResource*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "RetryDataReplication", "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_RetryDataReplication.html", @@ -921,6 +952,17 @@ "mgn:ListTagsForResource" ] }, + { + "name": "StopReplication", + "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_StopReplication.html", + "description": "Grants permission to stop replication", + "accessLevel": "Write", + "resourceTypes": [ + "SourceServerResource*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "TagResource", "documentationUrl": "https://docs.aws.amazon.com/mgn/latest/APIReference/API_TagResource.html", diff --git a/src/data/iam-services/aws-audit-manager.json b/src/data/iam-services/aws-audit-manager.json index 628e763..46c07e9 100644 --- a/src/data/iam-services/aws-audit-manager.json +++ b/src/data/iam-services/aws-audit-manager.json @@ -302,6 +302,15 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "GetEvidenceFileUploadUrl", + "documentationUrl": "https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetEvidenceFileUploadUrl.html", + "description": "Grants permission to get a presigned Amazon S3 URL that can be used to upload a file as manual evidence", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "GetEvidenceFolder", "documentationUrl": "https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetEvidenceFolder.html", diff --git a/src/data/iam-services/aws-backup.json b/src/data/iam-services/aws-backup.json index 8025f09..3cf062b 100644 --- a/src/data/iam-services/aws-backup.json +++ b/src/data/iam-services/aws-backup.json @@ -612,6 +612,7 @@ "backupPlan", "backupVault", "framework", + "legalHold", "recoveryPoint", "reportPlan" ], @@ -661,10 +662,7 @@ "resourceTypes": [ "backupVault*" ], - "conditionKeys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "conditionKeys": [], "dependentActions": [ "iam:PassRole" ] @@ -760,10 +758,7 @@ "resourceTypes": [ "backupPlan*" ], - "conditionKeys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "conditionKeys": [], "dependentActions": [] }, { @@ -774,10 +769,7 @@ "resourceTypes": [ "framework*" ], - "conditionKeys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "conditionKeys": [], "dependentActions": [] }, { diff --git a/src/data/iam-services/aws-database-migration-service.json b/src/data/iam-services/aws-database-migration-service.json index edc5b57..24f57d9 100644 --- a/src/data/iam-services/aws-database-migration-service.json +++ b/src/data/iam-services/aws-database-migration-service.json @@ -48,7 +48,9 @@ "MigrationProject*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:StartExtensionPackAssociation" + ] }, { "name": "BatchStartRecommendations", @@ -453,6 +455,17 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "DescribeConversionConfiguration", + "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", + "description": "Grants permission to return information about DMS Schema Conversion project configuration", + "accessLevel": "Read", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "DescribeDataMigrations", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", @@ -462,6 +475,19 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "DescribeDataProviders", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for a data providers. Note. This action should be added along with ListDataProviders, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "DataProvider" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListDataProviders" + ] + }, { "name": "DescribeEndpointSettings", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/API_DescribeEndpointSettings.html", @@ -516,6 +542,19 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "DescribeExtensionPackAssociations", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for extension packs. Note. This action should be added along with ListExtensionPacks, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListExtensionPacks" + ] + }, { "name": "DescribeFleetAdvisorCollectors", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/API_DescribeFleetAdvisorCollectors.html", @@ -561,6 +600,97 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "DescribeInstanceProfiles", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for a instance profiles. Note. This action should be added along with ListInstanceProfiles, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "InstanceProfile" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListInstanceProfiles" + ] + }, + { + "name": "DescribeMetadataModelAssessments", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for metadata model assessments. Note. This action should be added along with ListMetadataModelAssessments, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListMetadataModelAssessments" + ] + }, + { + "name": "DescribeMetadataModelConversions", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for a metadata model conversions. Note. This action should be added along with ListMetadataModelConversions, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListMetadataModelConversions" + ] + }, + { + "name": "DescribeMetadataModelExportsAsScript", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListMetadataModelExports" + ] + }, + { + "name": "DescribeMetadataModelExportsToTarget", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListMetadataModelExports" + ] + }, + { + "name": "DescribeMetadataModelImports", + "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", + "description": "Grants permission to return information about start metadata model import operations for a migration project", + "accessLevel": "Read", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DescribeMigrationProjects", + "documentationUrl": "Welcome.html", + "description": "Grants permission to list the AWS DMS attributes for a migration projects. Note. This action should be added along with ListMigrationProjects, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Read", + "resourceTypes": [ + "DataProvider", + "InstanceProfile", + "MigrationProject" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:ListMigrationProjects" + ] + }, { "name": "DescribeOrderableReplicationInstances", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/API_DescribeOrderableReplicationInstances.html", @@ -790,7 +920,9 @@ "DataProvider" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:DescribeDataProviders" + ] }, { "name": "ListExtensionPacks", @@ -801,7 +933,9 @@ "MigrationProject" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:DescribeExtensionPackAssociations" + ] }, { "name": "ListInstanceProfiles", @@ -812,7 +946,9 @@ "InstanceProfile" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:DescribeInstanceProfiles" + ] }, { "name": "ListMetadataModelAssessmentActionItems", @@ -834,7 +970,9 @@ "MigrationProject" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:DescribeMetadataModelAssessments" + ] }, { "name": "ListMetadataModelConversions", @@ -845,7 +983,9 @@ "MigrationProject" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:DescribeMetadataModelConversions" + ] }, { "name": "ListMetadataModelExports", @@ -856,7 +996,10 @@ "MigrationProject" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:DescribeMetadataModelExportsAsScript", + "dms:DescribeMetadataModelExportsToTarget" + ] }, { "name": "ListMigrationProjects", @@ -869,7 +1012,9 @@ "MigrationProject" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:DescribeMigrationProjects" + ] }, { "name": "ListTagsForResource", @@ -892,6 +1037,19 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ModifyConversionConfiguration", + "documentationUrl": "Welcome.html", + "description": "Grants permission to update a conversion configuration. Note. This action should be added along with UpdateConversionConfiguration, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Write", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:UpdateConversionConfiguration" + ] + }, { "name": "ModifyDataMigration", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", @@ -903,6 +1061,19 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ModifyDataProvider", + "documentationUrl": "Welcome.html", + "description": "Grants permission to modify the specified data provider. Note. This action should be added along with UpdateDataProvider, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Write", + "resourceTypes": [ + "DataProvider*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:UpdateDataProvider" + ] + }, { "name": "ModifyEndpoint", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/API_ModifyEndpoint.html", @@ -942,6 +1113,32 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ModifyInstanceProfile", + "documentationUrl": "Welcome.html", + "description": "Grants permission to modify the specified instance profile. Note. This action should be added along with UpdateInstanceProfile, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Write", + "resourceTypes": [ + "InstanceProfile*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:UpdateInstanceProfile" + ] + }, + { + "name": "ModifyMigrationProject", + "documentationUrl": "Welcome.html", + "description": "Grants permission to modify the specified migration project. Note. This action should be added along with UpdateMigrationProject, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Write", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:UpdateMigrationProject" + ] + }, { "name": "ModifyReplicationConfig", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", @@ -1084,6 +1281,19 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "StartExtensionPackAssociation", + "documentationUrl": "Welcome.html", + "description": "Grants permission to associate an extension pack. Note. This action should be added along with AssociateExtensionPack, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Write", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:AssociateExtensionPack" + ] + }, { "name": "StartMetadataModelAssessment", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", @@ -1106,6 +1316,19 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "StartMetadataModelExportAsScript", + "documentationUrl": "Welcome.html", + "description": "Grants permission to start a new export of metadata model as script. Note. This action should be added along with StartMetadataModelExportAsScripts, but does not currently authorize the described Schema Conversion operation", + "accessLevel": "Write", + "resourceTypes": [ + "MigrationProject*" + ], + "conditionKeys": [], + "dependentActions": [ + "dms:StartMetadataModelExportAsScripts" + ] + }, { "name": "StartMetadataModelExportAsScripts", "documentationUrl": "https://docs.aws.amazon.com/dms/latest/APIReference/Welcome.html", @@ -1115,7 +1338,9 @@ "MigrationProject*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:StartMetadataModelExportAsScript" + ] }, { "name": "StartMetadataModelExportToTarget", @@ -1246,7 +1471,9 @@ "MigrationProject*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:ModifyConversionConfiguration" + ] }, { "name": "UpdateDataProvider", @@ -1257,7 +1484,9 @@ "DataProvider*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:ModifyDataProvider" + ] }, { "name": "UpdateInstanceProfile", @@ -1268,7 +1497,9 @@ "InstanceProfile*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:ModifyInstanceProfile" + ] }, { "name": "UpdateMigrationProject", @@ -1279,7 +1510,9 @@ "MigrationProject*" ], "conditionKeys": [], - "dependentActions": [] + "dependentActions": [ + "dms:ModifyMigrationProject" + ] }, { "name": "UpdateSubscriptionsToEventBridge", diff --git a/src/data/iam-services/aws-elemental-mediapackage-v2.json b/src/data/iam-services/aws-elemental-mediapackage-v2.json index 82d4b00..bbcd224 100644 --- a/src/data/iam-services/aws-elemental-mediapackage-v2.json +++ b/src/data/iam-services/aws-elemental-mediapackage-v2.json @@ -149,7 +149,7 @@ }, { "name": "GetHeadObject", - "documentationUrl": "API_GetChannelPolicy.html", + "documentationUrl": "https://docs.aws.amazon.com/mediapackage/latest/userguide/dataplane-apis.html", "description": "Grants permission to make GetHeadObject requests to MediaPackage", "accessLevel": "Read", "resourceTypes": [], @@ -158,7 +158,7 @@ }, { "name": "GetObject", - "documentationUrl": "API_GetChannelPolicy.html", + "documentationUrl": "https://docs.aws.amazon.com/mediapackage/latest/userguide/dataplane-apis.html", "description": "Grants permission to make GetObject requests to MediaPackage", "accessLevel": "Read", "resourceTypes": [], @@ -252,7 +252,7 @@ }, { "name": "PutObject", - "documentationUrl": "API_PutChannelPolicy.html", + "documentationUrl": "https://docs.aws.amazon.com/mediapackage/latest/userguide/dataplane-apis.html", "description": "Grants permission to make PutObject requests to MediaPackage", "accessLevel": "Write", "resourceTypes": [ diff --git a/src/data/iam-services/aws-identity-and-access-management-(iam).json b/src/data/iam-services/aws-identity-and-access-management-(iam).json new file mode 100644 index 0000000..10dac77 --- /dev/null +++ b/src/data/iam-services/aws-identity-and-access-management-(iam).json @@ -0,0 +1,1945 @@ +{ + "serviceName": "AWS Identity and Access Management (IAM)", + "servicePrefix": "iam", + "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awsidentityandaccessmanagementiam.html", + "actions": [ + { + "name": "AddClientIDToOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddClientIDToOpenIDConnectProvider.html", + "description": "Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "AddRoleToInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddRoleToInstanceProfile.html", + "description": "Grants permission to add an IAM role to the specified instance profile", + "accessLevel": "Write", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [ + "iam:PassRole" + ] + }, + { + "name": "AddUserToGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html", + "description": "Grants permission to add an IAM user to the specified IAM group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "AttachGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html", + "description": "Grants permission to attach a managed policy to the specified IAM group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [ + "iam:PolicyARN" + ], + "dependentActions": [] + }, + { + "name": "AttachRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html", + "description": "Grants permission to attach a managed policy to the specified IAM role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "AttachUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html", + "description": "Grants permission to attach a managed policy to the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "ChangePassword", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html", + "description": "Grants permission to an IAM user to change their own password", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateAccessKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html", + "description": "Grants permission to create access key and secret access key for the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateAccountAlias", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html", + "description": "Grants permission to create an alias for your AWS account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html", + "description": "Grants permission to create a new group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html", + "description": "Grants permission to create a new instance profile", + "accessLevel": "Write", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateLoginProfile.html", + "description": "Grants permission to create a password for the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html", + "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreatePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html", + "description": "Grants permission to create a new managed policy", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreatePolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html", + "description": "Grants permission to create a new version of the specified managed policy", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html", + "description": "Grants permission to create a new role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html", + "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0", + "accessLevel": "Write", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateServiceLinkedRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html", + "description": "Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:AWSServiceName" + ], + "dependentActions": [] + }, + { + "name": "CreateServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceSpecificCredential.html", + "description": "Grants permission to create a new service-specific credential for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html", + "description": "Grants permission to create a new IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "CreateVirtualMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateVirtualMFADevice.html", + "description": "Grants permission to create a new virtual MFA device", + "accessLevel": "Write", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "DeactivateMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html", + "description": "Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteAccessKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html", + "description": "Grants permission to delete the access key pair that is associated with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteAccountAlias", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html", + "description": "Grants permission to delete the specified AWS account alias", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteAccountPasswordPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountPasswordPolicy.html", + "description": "Grants permission to delete the password policy for the AWS account", + "accessLevel": "Permissions management", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to delete an existing CloudFront public key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html", + "description": "Grants permission to delete the specified IAM group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html", + "description": "Grants permission to delete the specified inline policy from its group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteInstanceProfile.html", + "description": "Grants permission to delete the specified instance profile", + "accessLevel": "Write", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteLoginProfile.html", + "description": "Grants permission to delete the password for the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteOpenIDConnectProvider.html", + "description": "Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeletePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html", + "description": "Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeletePolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html", + "description": "Grants permission to delete a version from the specified managed policy", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRole.html", + "description": "Grants permission to delete the specified role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteRolePermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePermissionsBoundary.html", + "description": "Grants permission to remove the permissions boundary from a role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html", + "description": "Grants permission to delete the specified inline policy from the specified role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSAMLProvider.html", + "description": "Grants permission to delete a SAML provider resource in IAM", + "accessLevel": "Write", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteSSHPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSSHPublicKey.html", + "description": "Grants permission to delete the specified SSH public key", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html", + "description": "Grants permission to delete the specified server certificate", + "accessLevel": "Write", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteServiceLinkedRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceLinkedRole.html", + "description": "Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServiceSpecificCredential.html", + "description": "Grants permission to delete the specified service-specific credential for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteSigningCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteSigningCertificate.html", + "description": "Grants permission to delete a signing certificate that is associated with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html", + "description": "Grants permission to delete the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteUserPermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPermissionsBoundary.html", + "description": "Grants permission to remove the permissions boundary from the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html", + "description": "Grants permission to delete the specified inline policy from an IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DeleteVirtualMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteVirtualMFADevice.html", + "description": "Grants permission to delete a virtual MFA device", + "accessLevel": "Write", + "resourceTypes": [ + "mfa", + "sms-mfa" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DetachGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html", + "description": "Grants permission to detach a managed policy from the specified IAM group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [ + "iam:PolicyARN" + ], + "dependentActions": [] + }, + { + "name": "DetachRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html", + "description": "Grants permission to detach a managed policy from the specified role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "DetachUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html", + "description": "Grants permission to detach a managed policy from the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "EnableMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_EnableMFADevice.html", + "description": "Grants permission to enable an MFA device and associate it with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:RegisterSecurityKey", + "iam:FIDO-FIPS-140-2-certification", + "iam:FIDO-FIPS-140-3-certification", + "iam:FIDO-certification" + ], + "dependentActions": [] + }, + { + "name": "GenerateCredentialReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html", + "description": "Grants permission to generate a credential report for the AWS account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GenerateOrganizationsAccessReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateOrganizationsAccessReport.html", + "description": "Grants permission to generate an access report for an AWS Organizations entity", + "accessLevel": "Read", + "resourceTypes": [ + "access-report*" + ], + "conditionKeys": [ + "iam:OrganizationsPolicyId" + ], + "dependentActions": [ + "organizations:DescribePolicy", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListTargetsForPolicy" + ] + }, + { + "name": "GenerateServiceLastAccessedDetails", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateServiceLastAccessedDetails.html", + "description": "Grants permission to generate a service last accessed data report for an IAM resource", + "accessLevel": "Read", + "resourceTypes": [ + "group*", + "policy*", + "role*", + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccessKeyLastUsed", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html", + "description": "Grants permission to retrieve information about when the specified access key was last used", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountAuthorizationDetails", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html", + "description": "Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountEmailAddress", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to retrieve the email address that is associated with the account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountName", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to retrieve the account name that is associated with the account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountPasswordPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html", + "description": "Grants permission to retrieve the password policy for the AWS account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAccountSummary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html", + "description": "Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to retrieve information about the specified CloudFront public key", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetContextKeysForCustomPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html", + "description": "Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetContextKeysForPrincipalPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html", + "description": "Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)", + "accessLevel": "Read", + "resourceTypes": [ + "group", + "role", + "user" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetCredentialReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html", + "description": "Grants permission to retrieve a credential report for the AWS account", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroup.html", + "description": "Grants permission to retrieve a list of IAM users in the specified IAM group", + "accessLevel": "Read", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html", + "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM group", + "accessLevel": "Read", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetInstanceProfile.html", + "description": "Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role", + "accessLevel": "Read", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetLoginProfile.html", + "description": "Grants permission to retrieve the user name and password creation date for the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetMFADevice.html", + "description": "Grants permission to retrieve information about an MFA device for the specified user", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOpenIDConnectProvider.html", + "description": "Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM", + "accessLevel": "Read", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetOrganizationsAccessReport", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetOrganizationsAccessReport.html", + "description": "Grants permission to retrieve an AWS Organizations access report", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html", + "description": "Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached", + "accessLevel": "Read", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetPolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html", + "description": "Grants permission to retrieve information about a version of the specified managed policy, including the policy document", + "accessLevel": "Read", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRole.html", + "description": "Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy", + "accessLevel": "Read", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetRolePolicy.html", + "description": "Grants permission to retrieve an inline policy document that is embedded with the specified IAM role", + "accessLevel": "Read", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSAMLProvider.html", + "description": "Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated", + "accessLevel": "Read", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetSSHPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetSSHPublicKey.html", + "description": "Grants permission to retrieve the specified SSH public key, including metadata about the key", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html", + "description": "Grants permission to retrieve information about the specified server certificate stored in IAM", + "accessLevel": "Read", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServiceLastAccessedDetails", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetails.html", + "description": "Grants permission to retrieve information about the service last accessed data report", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServiceLastAccessedDetailsWithEntities", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLastAccessedDetailsWithEntities.html", + "description": "Grants permission to retrieve information about the entities from the service last accessed data report", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetServiceLinkedRoleDeletionStatus", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServiceLinkedRoleDeletionStatus.html", + "description": "Grants permission to retrieve an IAM service-linked role deletion status", + "accessLevel": "Read", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html", + "description": "Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html", + "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM user", + "accessLevel": "Read", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAccessKeys", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html", + "description": "Grants permission to list information about the access key IDs that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAccountAliases", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html", + "description": "Grants permission to list the account alias that is associated with the AWS account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAttachedGroupPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html", + "description": "Grants permission to list all managed policies that are attached to the specified IAM group", + "accessLevel": "List", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAttachedRolePolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html", + "description": "Grants permission to list all managed policies that are attached to the specified IAM role", + "accessLevel": "List", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListAttachedUserPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html", + "description": "Grants permission to list all managed policies that are attached to the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListCloudFrontPublicKeys", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to list all current CloudFront public keys for the account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListEntitiesForPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html", + "description": "Grants permission to list all IAM identities to which the specified managed policy is attached", + "accessLevel": "List", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListGroupPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM group", + "accessLevel": "List", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListGroups", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html", + "description": "Grants permission to list the IAM groups that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListGroupsForUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html", + "description": "Grants permission to list the IAM groups that the specified IAM user belongs to", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListInstanceProfileTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfileTags.html", + "description": "Grants permission to list the tags that are attached to the specified instance profile", + "accessLevel": "List", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListInstanceProfiles", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfiles.html", + "description": "Grants permission to list the instance profiles that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListInstanceProfilesForRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListInstanceProfilesForRole.html", + "description": "Grants permission to list the instance profiles that have the specified associated IAM role", + "accessLevel": "List", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListMFADeviceTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADeviceTags.html", + "description": "Grants permission to list the tags that are attached to the specified virtual mfa device", + "accessLevel": "List", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListMFADevices", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html", + "description": "Grants permission to list the MFA devices for an IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListOpenIDConnectProviderTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviderTags.html", + "description": "Grants permission to list the tags that are attached to the specified OpenID Connect provider", + "accessLevel": "List", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListOpenIDConnectProviders", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html", + "description": "Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html", + "description": "Grants permission to list all managed policies", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPoliciesGrantingServiceAccess", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPoliciesGrantingServiceAccess.html", + "description": "Grants permission to list information about the policies that grant an entity access to a specific service", + "accessLevel": "List", + "resourceTypes": [ + "group*", + "role*", + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPolicyTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyTags.html", + "description": "Grants permission to list the tags that are attached to the specified managed policy", + "accessLevel": "List", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListPolicyVersions", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html", + "description": "Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version", + "accessLevel": "List", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListRolePolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRolePolicies.html", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM role", + "accessLevel": "List", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListRoleTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoleTags.html", + "description": "Grants permission to list the tags that are attached to the specified IAM role", + "accessLevel": "List", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListRoles", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html", + "description": "Grants permission to list the IAM roles that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSAMLProviderTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviderTags.html", + "description": "Grants permission to list the tags that are attached to the specified SAML provider", + "accessLevel": "List", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSAMLProviders", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html", + "description": "Grants permission to list the SAML provider resources in IAM", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSSHPublicKeys", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSSHPublicKeys.html", + "description": "Grants permission to list information about the SSH public keys that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSTSRegionalEndpointsStatus", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html", + "description": "Grants permission to list the status of all active STS regional endpoints", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListServerCertificateTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificateTags.html", + "description": "Grants permission to list the tags that are attached to the specified server certificate", + "accessLevel": "List", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListServerCertificates", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html", + "description": "Grants permission to list the server certificates that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListServiceSpecificCredentials", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServiceSpecificCredentials.html", + "description": "Grants permission to list the service-specific credentials that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListSigningCertificates", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSigningCertificates.html", + "description": "Grants permission to list information about the signing certificates that are associated with the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListUserPolicies", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserPolicies.html", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListUserTags", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUserTags.html", + "description": "Grants permission to list the tags that are attached to the specified IAM user", + "accessLevel": "List", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListUsers", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html", + "description": "Grants permission to list the IAM users that have the specified path prefix", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListVirtualMFADevices", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html", + "description": "Grants permission to list virtual MFA devices by assignment status", + "accessLevel": "List", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "PassRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html", + "description": "Grants permission to pass a role to a service", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:AssociatedResourceArn", + "iam:PassedToService" + ], + "dependentActions": [] + }, + { + "name": "PutGroupPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM group", + "accessLevel": "Permissions management", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "PutRolePermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePermissionsBoundary.html", + "description": "Grants permission to set a managed policy as a permissions boundary for a role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "PutRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "PutUserPermissionsBoundary", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPermissionsBoundary.html", + "description": "Grants permission to set a managed policy as a permissions boundary for an IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "PutUserPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM user", + "accessLevel": "Permissions management", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "iam:PermissionsBoundary" + ], + "dependentActions": [] + }, + { + "name": "RemoveClientIDFromOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveClientIDFromOpenIDConnectProvider.html", + "description": "Grants permission to remove the client ID (audience) from the list of client IDs in the specified IAM OpenID Connect (OIDC) provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "RemoveRoleFromInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveRoleFromInstanceProfile.html", + "description": "Grants permission to remove an IAM role from the specified EC2 instance profile", + "accessLevel": "Write", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "RemoveUserFromGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_RemoveUserFromGroup.html", + "description": "Grants permission to remove an IAM user from the specified group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ResetServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html", + "description": "Grants permission to reset the password for an existing service-specific credential for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ResyncMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResyncMFADevice.html", + "description": "Grants permission to synchronize the specified MFA device with its IAM entity (user or role)", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SetDefaultPolicyVersion", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html", + "description": "Grants permission to set the version of the specified policy as the policy's default version", + "accessLevel": "Permissions management", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SetSTSRegionalEndpointStatus", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html", + "description": "Grants permission to activate or deactivate an STS regional endpoint", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SetSecurityTokenServicePreferences", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SetSecurityTokenServicePreferences.html", + "description": "Grants permission to set the STS global endpoint token version", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SimulateCustomPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html", + "description": "Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "SimulatePrincipalPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html", + "description": "Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources", + "accessLevel": "Read", + "resourceTypes": [ + "group", + "role", + "user" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "TagInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagInstanceProfile.html", + "description": "Grants permission to add tags to an instance profile", + "accessLevel": "Tagging", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagMFADevice.html", + "description": "Grants permission to add tags to a virtual mfa device", + "accessLevel": "Tagging", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagOpenIDConnectProvider.html", + "description": "Grants permission to add tags to an OpenID Connect provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagPolicy.html", + "description": "Grants permission to add tags to a managed policy", + "accessLevel": "Tagging", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagRole.html", + "description": "Grants permission to add tags to an IAM role", + "accessLevel": "Tagging", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagSAMLProvider.html", + "description": "Grants permission to add tags to a SAML Provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagServerCertificate.html", + "description": "Grants permission to add tags to a server certificate", + "accessLevel": "Tagging", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TagUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagUser.html", + "description": "Grants permission to add tags to an IAM user", + "accessLevel": "Tagging", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "UntagInstanceProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagInstanceProfile.html", + "description": "Grants permission to remove the specified tags from the instance profile", + "accessLevel": "Tagging", + "resourceTypes": [ + "instance-profile*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagMFADevice", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagMFADevice.html", + "description": "Grants permission to remove the specified tags from the virtual mfa device", + "accessLevel": "Tagging", + "resourceTypes": [ + "mfa*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagOpenIDConnectProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagOpenIDConnectProvider.html", + "description": "Grants permission to remove the specified tags from the OpenID Connect provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagPolicy.html", + "description": "Grants permission to remove the specified tags from the managed policy", + "accessLevel": "Tagging", + "resourceTypes": [ + "policy*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagRole.html", + "description": "Grants permission to remove the specified tags from the role", + "accessLevel": "Tagging", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagSAMLProvider.html", + "description": "Grants permission to remove the specified tags from the SAML Provider", + "accessLevel": "Tagging", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagServerCertificate.html", + "description": "Grants permission to remove the specified tags from the server certificate", + "accessLevel": "Tagging", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UntagUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagUser.html", + "description": "Grants permission to remove the specified tags from the user", + "accessLevel": "Tagging", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [ + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "UpdateAccessKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html", + "description": "Grants permission to update the status of the specified access key as Active or Inactive", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateAccountEmailAddress", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to update the email address that is associated with the account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateAccountName", + "documentationUrl": "https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-root-user.html", + "description": "Grants permission to update the account name that is associated with the account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateAccountPasswordPolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html", + "description": "Grants permission to update the password policy settings for the AWS account", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateAssumeRolePolicy", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html", + "description": "Grants permission to update the policy that grants an IAM entity permission to assume a role", + "accessLevel": "Permissions management", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to update an existing CloudFront public key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateGroup", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateGroup.html", + "description": "Grants permission to update the name or path of the specified IAM group", + "accessLevel": "Write", + "resourceTypes": [ + "group*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateLoginProfile", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html", + "description": "Grants permission to change the password for the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateOpenIDConnectProviderThumbprint", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateOpenIDConnectProviderThumbprint.html", + "description": "Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "oidc-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateRole", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRole.html", + "description": "Grants permission to update the description or maximum session duration setting of a role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateRoleDescription", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateRoleDescription.html", + "description": "Grants permission to update only the description of a role", + "accessLevel": "Write", + "resourceTypes": [ + "role*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateSAMLProvider", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSAMLProvider.html", + "description": "Grants permission to update the metadata document for an existing SAML provider resource", + "accessLevel": "Write", + "resourceTypes": [ + "saml-provider*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateSSHPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSSHPublicKey.html", + "description": "Grants permission to update the status of an IAM user's SSH public key to active or inactive", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServerCertificate.html", + "description": "Grants permission to update the name or the path of the specified server certificate stored in IAM", + "accessLevel": "Write", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateServiceSpecificCredential", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServiceSpecificCredential.html", + "description": "Grants permission to update the status of a service-specific credential to active or inactive for an IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateSigningCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateSigningCertificate.html", + "description": "Grants permission to update the status of the specified user signing certificate to active or disabled", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UpdateUser", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateUser.html", + "description": "Grants permission to update the name or the path of the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UploadCloudFrontPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html", + "description": "Grants permission to upload a CloudFront public key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UploadSSHPublicKey", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSSHPublicKey.html", + "description": "Grants permission to upload an SSH public key and associate it with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UploadServerCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadServerCertificate.html", + "description": "Grants permission to upload a server certificate entity for the AWS account", + "accessLevel": "Write", + "resourceTypes": [ + "server-certificate*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "UploadSigningCertificate", + "documentationUrl": "https://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadSigningCertificate.html", + "description": "Grants permission to upload an X.509 signing certificate and associate it with the specified IAM user", + "accessLevel": "Write", + "resourceTypes": [ + "user*" + ], + "conditionKeys": [], + "dependentActions": [] + } + ] +} \ No newline at end of file diff --git a/src/data/iam-services/aws-mainframe-modernization-service.json b/src/data/iam-services/aws-mainframe-modernization-service.json index 5354192..01fa4ec 100644 --- a/src/data/iam-services/aws-mainframe-modernization-service.json +++ b/src/data/iam-services/aws-mainframe-modernization-service.json @@ -53,6 +53,7 @@ ], "conditionKeys": [], "dependentActions": [ + "elasticloadbalancing:AddTags", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:RegisterTargets" @@ -78,6 +79,7 @@ "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "elasticfilesystem:DescribeMountTargets", + "elasticloadbalancing:AddTags", "elasticloadbalancing:CreateLoadBalancer", "fsx:DescribeFileSystems", "iam:CreateServiceLinkedRole" diff --git a/src/data/iam-services/aws-payment-cryptography.json b/src/data/iam-services/aws-payment-cryptography.json new file mode 100644 index 0000000..15b3c0f --- /dev/null +++ b/src/data/iam-services/aws-payment-cryptography.json @@ -0,0 +1,347 @@ +{ + "serviceName": "AWS Payment Cryptography", + "servicePrefix": "payment-cryptography", + "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/./list_awspaymentcryptography.html", + "actions": [ + { + "name": "CreateAlias", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateAlias.html", + "description": "Grants permission to create a user-friendly name for a Key", + "accessLevel": "Write", + "resourceTypes": [ + "alias*", + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "CreateKey", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html", + "description": "Grants permission to create a unique customer managed key in the caller's AWS account and region", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependentActions": [ + "payment-cryptography:TagResource" + ] + }, + { + "name": "DecryptData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_DecryptData.html", + "description": "Grants permission to decrypt ciphertext data to plaintext using symmetric, asymmetric or DUKPT data encryption key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DeleteAlias", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteAlias.html", + "description": "Grants permission to delete the specified alias", + "accessLevel": "Write", + "resourceTypes": [ + "alias*" + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "DeleteKey", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html", + "description": "Grants permission to schedule the deletion of a Key", + "accessLevel": "Write", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "EncryptData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_EncryptData.html", + "description": "Grants permission to encrypt plaintext data to ciphertext using symmetric, asymmetric or DUKPT data encryption key", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ExportKey", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ExportKey.html", + "description": "Grants permission to export a key from the service", + "accessLevel": "Write", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GenerateCardValidationData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_GenerateCardValidationData.html", + "description": "Grants permission to generate card-related data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) or Card Security Codes (CSC) that check the validity of a magnetic stripe card", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GenerateMac", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_GenerateMac.html", + "description": "Grants permission to generate a MAC (Message Authentication Code) cryptogram", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GeneratePinData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_GeneratePinData.html", + "description": "Grants permission to generate pin-related data such as PIN, PIN Verification Value (PVV), PIN Block and PIN Offset during new card issuance or card re-issuance", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetAlias", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetAlias.html", + "description": "Grants permission to return the keyArn associated with an aliasName", + "accessLevel": "Read", + "resourceTypes": [ + "alias*", + "key*" + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "GetKey", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetKey.html", + "description": "Grants permission to return the detailed information about the specified key", + "accessLevel": "Read", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetParametersForExport", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForExport.html", + "description": "Grants permission to get the export token and the signing key certificate to initiate a TR-34 key export", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetParametersForImport", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForImport.html", + "description": "Grants permission to get the import token and the wrapping key certificate to initiate a TR-34 key import", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "GetPublicKeyCertificate", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html", + "description": "Grants permission to return the public key from a key of class PUBLIC_KEY", + "accessLevel": "Read", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ImportKey", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html", + "description": "Grants permission to imports keys and public key certificates", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependentActions": [ + "payment-cryptography:TagResource" + ] + }, + { + "name": "ListAliases", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListAliases.html", + "description": "Grants permission to return a list of aliases created for all keys in the caller's AWS account and Region", + "accessLevel": "List", + "resourceTypes": [ + "alias*", + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListKeys", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListKeys.html", + "description": "Grants permission to return a list of keys created in the caller's AWS account and Region", + "accessLevel": "List", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ListTagsForResource", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListTagsForResource.html", + "description": "Grants permission to return a list of tags created in the caller's AWS account and Region", + "accessLevel": "Read", + "resourceTypes": [ + "key" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "ReEncryptData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_ReEncryptData.html", + "description": "Grants permission to re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "RestoreKey", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_RestoreKey.html", + "description": "Grants permission to cancel a scheduled key deletion if at any point during the waiting period a Key needs to be revived", + "accessLevel": "Write", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "StartKeyUsage", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StartKeyUsage.html", + "description": "Grants permission to enable a disabled Key", + "accessLevel": "Write", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "StopKeyUsage", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StopKeyUsage.html", + "description": "Grants permission to disable an enabled Key", + "accessLevel": "Write", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "TagResource", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html", + "description": "Grants permission to add or overwrites one or more tags for the specified resource", + "accessLevel": "Tagging", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "TranslatePinData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_TranslatePinData.html", + "description": "Grants permission to translate encrypted PIN block from and to ISO 9564 formats 0,1,3,4", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "UntagResource", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UntagResource.html", + "description": "Grants permission to remove the specified tag or tags from the specified resource", + "accessLevel": "Tagging", + "resourceTypes": [ + "key*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "UpdateAlias", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UpdateAlias.html", + "description": "Grants permission to change the key to which an alias is assigned, or unassign it from its current key", + "accessLevel": "Write", + "resourceTypes": [ + "alias*", + "key*" + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "VerifyAuthRequestCryptogram", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_VerifyAuthRequestCryptogram.html", + "description": "Grants permission to verify Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "VerifyCardValidationData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_VerifyCardValidationData.html", + "description": "Grants permission to verify card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC)", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "VerifyMac", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_VerifyMac.html", + "description": "Grants permission to verify MAC (Message Authentication Code) of input data against a provided MAC", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "VerifyPinData", + "documentationUrl": "https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_VerifyPinData.html", + "description": "Grants permission to verify pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624", + "accessLevel": "Write", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + } + ] +} \ No newline at end of file diff --git a/src/data/iam-services/aws-purchase-orders-console.json b/src/data/iam-services/aws-purchase-orders-console.json index e56c662..cab0b9d 100644 --- a/src/data/iam-services/aws-purchase-orders-console.json +++ b/src/data/iam-services/aws-purchase-orders-console.json @@ -8,8 +8,13 @@ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to add a new purchase order", "accessLevel": "Write", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependentActions": [] }, { @@ -17,8 +22,12 @@ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to delete a purchase order", "accessLevel": "Write", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ], "dependentActions": [] }, { @@ -35,8 +44,12 @@ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to get a purchase order", "accessLevel": "Read", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ], "dependentActions": [] }, { @@ -44,26 +57,78 @@ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to list purchase order invoices", "accessLevel": "List", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ], "dependentActions": [] }, { "name": "ListPurchaseOrders", "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", - "description": "Grants permission to get all available purchase orders", + "description": "Grants permission to list all purchase orders for an account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, + { + "name": "ListTagsForResource", + "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", + "description": "Grants permission to list tags for a purchase order", + "accessLevel": "Read", + "resourceTypes": [ + "purchase-order" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependentActions": [] + }, { "name": "ModifyPurchaseOrders", "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to modify purchase orders and details", "accessLevel": "Write", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependentActions": [] + }, + { + "name": "TagResource", + "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", + "description": "Grants permission to tag purchase orders with given key value pairs", + "accessLevel": "Tagging", + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependentActions": [] + }, + { + "name": "UntagResource", + "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", + "description": "Grants permission to remove tags from a purchase order", + "accessLevel": "Tagging", + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], "dependentActions": [] }, { @@ -80,8 +145,12 @@ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to update an existing purchase order", "accessLevel": "Write", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ], "dependentActions": [] }, { @@ -89,8 +158,12 @@ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to set purchase order status", "accessLevel": "Write", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order*" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ], "dependentActions": [] }, { @@ -98,8 +171,12 @@ "documentationUrl": "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#user-permissions", "description": "Grants permission to view purchase orders and details", "accessLevel": "Read", - "resourceTypes": [], - "conditionKeys": [], + "resourceTypes": [ + "purchase-order" + ], + "conditionKeys": [ + "aws:ResourceTag/${TagKey}" + ], "dependentActions": [] } ] diff --git a/src/data/iam-services/aws-step-functions.json b/src/data/iam-services/aws-step-functions.json index 8589603..3bb2dee 100644 --- a/src/data/iam-services/aws-step-functions.json +++ b/src/data/iam-services/aws-step-functions.json @@ -29,6 +29,21 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], + "dependentActions": [ + "states:PublishStateMachineVersion" + ] + }, + { + "name": "CreateStateMachineAlias", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_CreateStateMachineAlias.html", + "description": "Grants permission to create a state machine alias", + "accessLevel": "Write", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [ + "states:StateMachineQualifier" + ], "dependentActions": [] }, { @@ -53,6 +68,32 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "DeleteStateMachineAlias", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_DeleteStateMachineAlias.html", + "description": "Grants permission to delete a state machine alias", + "accessLevel": "Write", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [ + "states:StateMachineQualifier" + ], + "dependentActions": [] + }, + { + "name": "DeleteStateMachineVersion", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_DeleteStateMachineVersion.html", + "description": "Grants permission to delete a state machine version", + "accessLevel": "Write", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [ + "states:StateMachineQualifier" + ], + "dependentActions": [] + }, { "name": "DescribeActivity", "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeActivity.html", @@ -95,7 +136,22 @@ "resourceTypes": [ "statemachine*" ], - "conditionKeys": [], + "conditionKeys": [ + "states:StateMachineQualifier" + ], + "dependentActions": [] + }, + { + "name": "DescribeStateMachineAlias", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_DescribeStateMachineAlias.html", + "description": "Grants permission to describe a state machine alias", + "accessLevel": "Read", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [ + "states:StateMachineQualifier" + ], "dependentActions": [] }, { @@ -144,12 +200,14 @@ "name": "ListExecutions", "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListExecutions.html", "description": "Grants permission to list the executions of a state machine", - "accessLevel": "Read", + "accessLevel": "List", "resourceTypes": [ "maprun*", "statemachine*" ], - "conditionKeys": [], + "conditionKeys": [ + "states:StateMachineQualifier" + ], "dependentActions": [] }, { @@ -163,6 +221,30 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "ListStateMachineAliases", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListStateMachineAliases.html", + "description": "Grants permission to list the aliases of a state machine", + "accessLevel": "List", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [ + "states:StateMachineQualifier" + ], + "dependentActions": [] + }, + { + "name": "ListStateMachineVersions", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListStateMachineVersions.html", + "description": "Grants permission to list the versions of a state machine", + "accessLevel": "List", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "ListStateMachines", "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListStateMachines.html", @@ -176,7 +258,7 @@ "name": "ListTagsForResource", "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_ListTagsForResource.html", "description": "Grants permission to list tags for an AWS Step Functions resource", - "accessLevel": "Read", + "accessLevel": "List", "resourceTypes": [ "activity", "statemachine" @@ -184,6 +266,17 @@ "conditionKeys": [], "dependentActions": [] }, + { + "name": "PublishStateMachineVersion", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_PublishStateMachineVersion.html", + "description": "Grants permission to publish a state machine version", + "accessLevel": "Write", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [], + "dependentActions": [] + }, { "name": "SendTaskFailure", "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_SendTaskFailure.html", @@ -219,7 +312,9 @@ "resourceTypes": [ "statemachine*" ], - "conditionKeys": [], + "conditionKeys": [ + "states:StateMachineQualifier" + ], "dependentActions": [] }, { @@ -230,7 +325,9 @@ "resourceTypes": [ "statemachine*" ], - "conditionKeys": [], + "conditionKeys": [ + "states:StateMachineQualifier" + ], "dependentActions": [] }, { @@ -296,6 +393,21 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], + "dependentActions": [ + "states:PublishStateMachineVersion" + ] + }, + { + "name": "UpdateStateMachineAlias", + "documentationUrl": "https://docs.aws.amazon.com/step-functions/latest/apireference/API_UpdateStateMachineAlias.html", + "description": "Grants permission to update a state machine alias", + "accessLevel": "Write", + "resourceTypes": [ + "statemachine*" + ], + "conditionKeys": [ + "states:StateMachineQualifier" + ], "dependentActions": [] } ] diff --git a/src/data/iam-services/aws-storage-gateway.json b/src/data/iam-services/aws-storage-gateway.json index a380db3..10bbff0 100644 --- a/src/data/iam-services/aws-storage-gateway.json +++ b/src/data/iam-services/aws-storage-gateway.json @@ -650,9 +650,7 @@ "documentationUrl": "https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListAutomaticTapeCreationPolicies.html", "description": "Grants permission to list the automatic tape creation policies configured on the specified gateway-VTL or all gateway-VTLs owned by your account", "accessLevel": "List", - "resourceTypes": [ - "gateway*" - ], + "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, @@ -661,9 +659,7 @@ "documentationUrl": "https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListFileShares.html", "description": "Grants permission to get a list of the file shares for a specific file gateway, or the list of file shares that belong to the calling user account", "accessLevel": "List", - "resourceTypes": [ - "gateway*" - ], + "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, @@ -672,9 +668,7 @@ "documentationUrl": "https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListFileSystemAssociations.html", "description": "Grants permission to get a list of the file system associations for the specified gateway", "accessLevel": "List", - "resourceTypes": [ - "gateway*" - ], + "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, @@ -717,9 +711,7 @@ "documentationUrl": "https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTapePools.html", "description": "Grants permission to list tape pools owned by your AWS account", "accessLevel": "List", - "resourceTypes": [ - "tapepool*" - ], + "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, @@ -728,9 +720,7 @@ "documentationUrl": "https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListTapes.html", "description": "Grants permission to list virtual tapes in your virtual tape library (VTL) and your virtual tape shelf (VTS)", "accessLevel": "List", - "resourceTypes": [ - "tape*" - ], + "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, @@ -761,9 +751,7 @@ "documentationUrl": "https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_ListVolumes.html", "description": "Grants permission to list the iSCSI stored volumes of a gateway", "accessLevel": "List", - "resourceTypes": [ - "gateway*" - ], + "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, diff --git a/src/data/iam-services/aws-support.json b/src/data/iam-services/aws-support.json index c0be4ef..78cd01f 100644 --- a/src/data/iam-services/aws-support.json +++ b/src/data/iam-services/aws-support.json @@ -6,7 +6,7 @@ { "name": "AddAttachmentsToSet", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_AddAttachmentsToSet.html", - "description": "Adds one or more attachments to an AWS Support case.", + "description": "Grants permission to add one or more attachments to an AWS Support case", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -15,7 +15,7 @@ { "name": "AddCommunicationToCase", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_AddCommunicationToCase.html", - "description": "Adds a customer communication to an AWS Support case.", + "description": "Grants permission to add a customer communication to an AWS Support case", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -24,7 +24,7 @@ { "name": "CreateCase", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_CreateCase.html", - "description": "Creates a new AWS Support case.", + "description": "Grants permission to creates a new AWS Support case", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -33,7 +33,7 @@ { "name": "DescribeAttachment", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeAttachment.html", - "description": "Returns the description for an attachment.", + "description": "Grants permission to describe attachment detail", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -41,7 +41,8 @@ }, { "name": "DescribeCaseAttributes", - "description": "This is an internally managed function which allows secondary services to read AWS Support case attributes.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to allow secondary services to read AWS Support case attributes.This is an internally managed function", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -50,7 +51,7 @@ { "name": "DescribeCases", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeCases.html", - "description": "Returns a list of AWS Support cases that matches the given inputs.", + "description": "Grants permission to list AWS Support cases that matches the given inputs", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -59,7 +60,16 @@ { "name": "DescribeCommunications", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeCommunications.html", - "description": "Returns the communications and attachments for one or more AWS Support cases.", + "description": "Grants permission to list the communications and attachments for one or more AWS Support cases", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DescribeCreateCaseOptions", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeCreateCaseOptions.html", + "description": "Grants permission to describes the available options for creating a support case", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -67,7 +77,8 @@ }, { "name": "DescribeIssueTypes", - "description": "Returns issue types for AWS Support cases.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to return issue types for AWS Support cases", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -76,7 +87,7 @@ { "name": "DescribeServices", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeServices.html", - "description": "Returns the current list of AWS services and categories that applies to each service.", + "description": "Grants permission to list AWS services and categories that applies to each service", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -85,7 +96,7 @@ { "name": "DescribeSeverityLevels", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeSeverityLevels.html", - "description": "Returns the list of severity levels that can be assigned to an AWS Support case.", + "description": "Grants permission to list severity levels that can be assigned to an AWS Support case", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -93,7 +104,17 @@ }, { "name": "DescribeSupportLevel", - "description": "Returns the support level for an AWS Account identifier.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to return the support level for an AWS Account identifier", + "accessLevel": "Read", + "resourceTypes": [], + "conditionKeys": [], + "dependentActions": [] + }, + { + "name": "DescribeSupportedLanguages", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeSupportedLanguages.html", + "description": "Grants permission to describes the available support languages for a given category code, service code and issue type", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -102,7 +123,7 @@ { "name": "DescribeTrustedAdvisorCheckRefreshStatuses", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeTrustedAdvisorCheckRefreshStatuses.html", - "description": "Returns the status of a Trusted Advisor refresh check based on a list of check identifiers.", + "description": "Grants permission to get the status of a Trusted Advisor refresh check based on a list of check identifiers", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -111,7 +132,7 @@ { "name": "DescribeTrustedAdvisorCheckResult", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeTrustedAdvisorCheckResult.html", - "description": "Returns the results of the Trusted Advisor check that has the specified check identifier.", + "description": "Grants permission to get the results of the Trusted Advisor check that has the specified check identifier", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -120,7 +141,7 @@ { "name": "DescribeTrustedAdvisorCheckSummaries", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeTrustedAdvisorCheckSummaries.html", - "description": "Returns the summaries of the results of the Trusted Advisor checks that have the specified check identifiers.", + "description": "Grants permission to get the summaries of the results of the Trusted Advisor checks that have the specified check identifiers", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -129,7 +150,7 @@ { "name": "DescribeTrustedAdvisorChecks", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_DescribeTrustedAdvisorChecks.html", - "description": "Returns a list of all available Trusted Advisor checks, including name, identifier, category and description.", + "description": "Grants permission to get a list of all available Trusted Advisor checks, including name, identifier, category and description", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [], @@ -137,7 +158,8 @@ }, { "name": "InitiateCallForCase", - "description": "This is an internally managed function to initiate a call on AWS Support Center.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to initiate a call on AWS Support Center. This is an internally managed function", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -145,7 +167,8 @@ }, { "name": "InitiateChatForCase", - "description": "This is an internally managed function to initiate a chat on AWS Support Center.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to initiate a chat on AWS Support Center.This is an internally managed function", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -153,7 +176,8 @@ }, { "name": "PutCaseAttributes", - "description": "This is an internally managed function which allows secondary services to attach attributes to AWS Support cases.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to allow secondary services to attach attributes to AWS Support cases. This is an internally managed function", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -161,7 +185,8 @@ }, { "name": "RateCaseCommunication", - "description": "Rate an AWS Support case communication.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to rate an AWS Support case communication", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -170,7 +195,7 @@ { "name": "RefreshTrustedAdvisorCheck", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_RefreshTrustedAdvisorCheck.html", - "description": "Requests a refresh of the Trusted Advisor check that has the specified check identifier.", + "description": "Grants permission to requests a refresh of the Trusted Advisor check that has the specified check identifier", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -179,7 +204,7 @@ { "name": "ResolveCase", "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/APIReference/API_ResolveCase.html", - "description": "Resolves an AWS Support case.", + "description": "Grants permission to resolve an AWS Support case", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], @@ -187,7 +212,8 @@ }, { "name": "SearchForCases", - "description": "Returns a list of AWS Support cases that matches the given inputs.", + "documentationUrl": "https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html", + "description": "Grants permission to return a list of AWS Support cases that matches the given inputs", "accessLevel": "Read", "resourceTypes": [], "conditionKeys": [],