fix: update IAM service definitions

TastefulElk · Oct 21, 2024 · b269650 · b269650
1 parent fd3da99
commit b269650
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 64 deletions.
diff --git a/src/data/iam-services/amazon-cloud-directory.json b/src/data/iam-services/amazon-cloud-directory.json
@@ -673,7 +673,7 @@
     {
       "name": "UpdateLinkAttributes",
       "documentationUrl": "https://docs.aws.amazon.com/directoryservice/latest/APIReference/API_UpdateLinkAttributes.html",
-      "description": "Grants permission to update a given typed link’s attributes. Attributes to be updated must not contribute to the typed link’s identity, as defined by its IdentityAttributeOrder",
+      "description": "Grants permission to update a given typed link's attributes. Attributes to be updated must not contribute to the typed link's identity, as defined by its IdentityAttributeOrder",
       "accessLevel": "Write",
       "resourceTypes": [
         "directory*"

diff --git a/src/data/iam-services/amazon-q.json b/src/data/iam-services/amazon-q.json
@@ -31,6 +31,15 @@
       ],
       "dependentActions": []
     },
+    {
+      "name": "GenerateCodeFromCommands",
+      "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/security_iam_manage-access-with-policies.html",
+      "description": "Grants permission to generate code from CLI commands in Amazon Q",
+      "accessLevel": "Read",
+      "resourceTypes": [],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "GetConversation",
       "documentationUrl": "https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/security_iam_manage-access-with-policies.html",

diff --git a/src/data/iam-services/amazon-quicksight.json b/src/data/iam-services/amazon-quicksight.json
@@ -1893,6 +1893,15 @@
       "conditionKeys": [],
       "dependentActions": []
     },
+    {
+      "name": "StartDashboardSnapshotJobSchedule",
+      "documentationUrl": "https://docs.aws.amazon.com/quicksight/latest/APIReference/API_StartDashboardSnapshotJobSchedule.html",
+      "description": "Grants permission to start a dashboard snapshot job schedule",
+      "accessLevel": "Write",
+      "resourceTypes": [],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "Subscribe",
       "documentationUrl": "https://docs.aws.amazon.com/quicksight/latest/user/iam-actions.html",

diff --git a/src/data/iam-services/amazon-redshift.json b/src/data/iam-services/amazon-redshift.json
@@ -70,6 +70,17 @@
       "conditionKeys": [],
       "dependentActions": []
     },
+    {
+      "name": "AuthorizeInboundIntegration",
+      "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html",
+      "description": "Grants permission to Amazon Redshift to continuously validate that the target data warehouse can receive data replicated from the source ARN",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "integration*"
+      ],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "AuthorizeSnapshotAccess",
       "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_AuthorizeSnapshotAccess.html",
@@ -315,6 +326,34 @@
       ],
       "dependentActions": []
     },
+    {
+      "name": "CreateInboundIntegration",
+      "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/mgmt/zero-etl-using.setting-up.html",
+      "description": "Grants permission to the source principal to create an inbound integration for data to be replicated from the source into the target data warehouse",
+      "accessLevel": "Write",
+      "resourceTypes": [],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
+    {
+      "name": "CreateIntegration",
+      "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_CreateIntegration.html",
+      "description": "Grants permission to create an Amazon Redshift zero-ETL integration",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "integration*"
+      ],
+      "conditionKeys": [
+        "aws:RequestTag/${TagKey}",
+        "aws:TagKeys",
+        "redshift:IntegrationSourceArn",
+        "redshift:IntegrationTargetArn"
+      ],
+      "dependentActions": [
+        "kms:CreateGrant",
+        "kms:DescribeKey"
+      ]
+    },
     {
       "name": "CreateQev2IdcApplication",
       "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html",
@@ -399,6 +438,7 @@
         "eventsubscription",
         "hsmclientcertificate",
         "hsmconfiguration",
+        "integration",
         "parametergroup",
         "securitygroup",
         "securitygroupingress-cidr",
@@ -559,6 +599,19 @@
       "conditionKeys": [],
       "dependentActions": []
     },
+    {
+      "name": "DeleteIntegration",
+      "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeleteIntegration.html",
+      "description": "Grants permission to delete an Amazon Redshift zero-ETL integration",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "integration*"
+      ],
+      "conditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "dependentActions": []
+    },
     {
       "name": "DeletePartner",
       "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_DeletePartner.html",
@@ -655,6 +708,7 @@
         "eventsubscription",
         "hsmclientcertificate",
         "hsmconfiguration",
+        "integration",
         "parametergroup",
         "securitygroup",
         "securitygroupingress-cidr",
@@ -901,6 +955,19 @@
       ],
       "dependentActions": []
     },
+    {
+      "name": "DescribeIntegrations",
+      "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeIntegrations.html",
+      "description": "Grants permission to describe an Amazon Redshift zero-ETL integration",
+      "accessLevel": "List",
+      "resourceTypes": [
+        "integration*"
+      ],
+      "conditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "dependentActions": []
+    },
     {
       "name": "DescribeLoggingStatus",
       "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeLoggingStatus.html",
@@ -1082,6 +1149,7 @@
         "eventsubscription",
         "hsmclientcertificate",
         "hsmconfiguration",
+        "integration",
         "parametergroup",
         "securitygroup",
         "securitygroupingress-cidr",
@@ -1461,6 +1529,19 @@
       "conditionKeys": [],
       "dependentActions": []
     },
+    {
+      "name": "ModifyIntegration",
+      "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/APIReference/API_ModifyIntegration.html",
+      "description": "Grants permission to modify an Amazon Redshift zero-ETL integration",
+      "accessLevel": "Write",
+      "resourceTypes": [
+        "integration*"
+      ],
+      "conditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "dependentActions": []
+    },
     {
       "name": "ModifyQev2IdcApplication",
       "documentationUrl": "https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-idp-connect.html",

diff --git a/src/data/iam-services/amazon-sagemaker.json b/src/data/iam-services/amazon-sagemaker.json
@@ -109,7 +109,7 @@
     {
       "name": "BatchGetMetrics",
       "documentationUrl": "https://docs.aws.amazon.com/sagemaker/latest/APIReference/",
-      "description": "Grants permission to retrieve metrics associated with SageMaker Resources such as Training Jobs or Trial Components. This API is not publicly exposed at this point, however admins can control this action",
+      "description": "Grants permission to retrieve metrics associated with SageMaker Resources such as Training Jobs or Trial Components",
       "accessLevel": "Read",
       "resourceTypes": [
         "experiment-trial-component*",

diff --git a/src/data/iam-services/aws-elemental-mediaconnect.json b/src/data/iam-services/aws-elemental-mediaconnect.json
@@ -163,6 +163,15 @@
       "conditionKeys": [],
       "dependentActions": []
     },
+    {
+      "name": "DescribeFlowSourceThumbnail",
+      "documentationUrl": "https://docs.aws.amazon.com/mediaconnect/latest/api/v1-flows-flowarn-source-thumbnail.html",
+      "description": "Grants permission to view flow's source thumbnail",
+      "accessLevel": "Read",
+      "resourceTypes": [],
+      "conditionKeys": [],
+      "dependentActions": []
+    },
     {
       "name": "DescribeGateway",
       "documentationUrl": "https://docs.aws.amazon.com/mediaconnect/latest/api/v1-gateways-gatewayarn.html",

diff --git a/src/data/iam-services/aws-lambda.json b/src/data/iam-services/aws-lambda.json
@@ -215,19 +215,6 @@
       "conditionKeys": [],
       "dependentActions": []
     },
-    {
-      "name": "DeleteResourcePolicy",
-      "documentationUrl": "https://docs.aws.amazon.com/lambda/latest/dg/API_DeleteResourcePolicy.html",
-      "description": "Grants permission to delete the resource-based policy for an AWS Lambda function, version, or alias",
-      "accessLevel": "Permissions management",
-      "resourceTypes": [
-        "function*"
-      ],
-      "conditionKeys": [],
-      "dependentActions": [
-        "lambda:RemovePermission"
-      ]
-    },
     {
       "name": "DisableReplication",
       "documentationUrl": "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html",
@@ -419,30 +406,6 @@
       "conditionKeys": [],
       "dependentActions": []
     },
-    {
-      "name": "GetPublicAccessBlockConfig",
-      "documentationUrl": "https://docs.aws.amazon.com/lambda/latest/dg/API_GetPublicAccessBlockConfig.html",
-      "description": "Grants permission to view the PublicAccessBlockConfig of an AWS Lambda function",
-      "accessLevel": "Read",
-      "resourceTypes": [
-        "function*"
-      ],
-      "conditionKeys": [],
-      "dependentActions": []
-    },
-    {
-      "name": "GetResourcePolicy",
-      "documentationUrl": "https://docs.aws.amazon.com/lambda/latest/dg/API_GetResourcePolicy.html",
-      "description": "Grants permission to view the resource-based policy for an AWS Lambda function, version, or alias",
-      "accessLevel": "Read",
-      "resourceTypes": [
-        "function*"
-      ],
-      "conditionKeys": [],
-      "dependentActions": [
-        "lambda:GetPolicy"
-      ]
-    },
     {
       "name": "GetRuntimeManagementConfig",
       "documentationUrl": "https://docs.aws.amazon.com/lambda/latest/dg/API_GetRuntimeManagementConfig.html",
@@ -700,31 +663,6 @@
       "conditionKeys": [],
       "dependentActions": []
     },
-    {
-      "name": "PutPublicAccessBlockConfig",
-      "documentationUrl": "https://docs.aws.amazon.com/lambda/latest/dg/API_PutPublicAccessBlockConfig.html",
-      "description": "Grants permission to update the PublicAccessBlockConfig of an AWS Lambda function",
-      "accessLevel": "Permissions management",
-      "resourceTypes": [
-        "function*"
-      ],
-      "conditionKeys": [],
-      "dependentActions": []
-    },
-    {
-      "name": "PutResourcePolicy",
-      "documentationUrl": "https://docs.aws.amazon.com/lambda/latest/dg/API_PutResourcePolicy.html",
-      "description": "Grants permission to update the resource-based policy for an AWS Lambda function, version, or alias",
-      "accessLevel": "Permissions management",
-      "resourceTypes": [
-        "function*"
-      ],
-      "conditionKeys": [],
-      "dependentActions": [
-        "lambda:AddPermission",
-        "lambda:RemovePermission"
-      ]
-    },
     {
       "name": "PutRuntimeManagementConfig",
       "documentationUrl": "https://docs.aws.amazon.com/lambda/latest/dg/API_PutRuntimeManagementConfig.html",