@cloud-copilot/iam-data 0.0.1

package/data/actions/s3.json

@@ -0,0 +1,3766 @@
+{
+  "AbortMultipartUpload": {
+    "name": "AbortMultipartUpload",
+    "description": "Grants permission to abort a multipart upload",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointArn",
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "AssociateAccessGrantsIdentityCenter": {
+    "name": "AssociateAccessGrantsIdentityCenter",
+    "description": "Grants permission to associate Access Grants identity center",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "BypassGovernanceRetention": {
+    "name": "BypassGovernanceRetention",
+    "description": "Grants permission to allow circumvention of governance-mode object retention settings",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:RequestObjectTag/<key>",
+      "s3:RequestObjectTagKeys",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-acl",
+      "s3:x-amz-content-sha256",
+      "s3:x-amz-copy-source",
+      "s3:x-amz-grant-full-control",
+      "s3:x-amz-grant-read",
+      "s3:x-amz-grant-read-acp",
+      "s3:x-amz-grant-write",
+      "s3:x-amz-grant-write-acp",
+      "s3:x-amz-metadata-directive",
+      "s3:x-amz-server-side-encryption",
+      "s3:x-amz-server-side-encryption-aws-kms-key-id",
+      "s3:x-amz-server-side-encryption-customer-algorithm",
+      "s3:x-amz-storage-class",
+      "s3:x-amz-website-redirect-location",
+      "s3:object-lock-mode",
+      "s3:object-lock-retain-until-date",
+      "s3:object-lock-remaining-retention-days",
+      "s3:object-lock-legal-hold"
+    ],
+    "dependentActions": []
+  },
+  "CreateAccessGrant": {
+    "name": "CreateAccessGrant",
+    "description": "Grants permission to create Access Grant",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantslocation",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}",
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "CreateAccessGrantsInstance": {
+    "name": "CreateAccessGrantsInstance",
+    "description": "Grants permission to Create Access Grants Instance",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:RequestTag/${TagKey}",
+      "aws:ResourceTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "CreateAccessGrantsLocation": {
+    "name": "CreateAccessGrantsLocation",
+    "description": "Grants permission to create Access Grants location",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}",
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "CreateAccessPoint": {
+    "name": "CreateAccessPoint",
+    "description": "Grants permission to create a new access point",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:locationconstraint",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-acl",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "CreateAccessPointForObjectLambda": {
+    "name": "CreateAccessPointForObjectLambda",
+    "description": "Grants permission to create an object lambda enabled accesspoint",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "CreateBucket": {
+    "name": "CreateBucket",
+    "description": "Grants permission to create a new bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:locationconstraint",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-acl",
+      "s3:x-amz-content-sha256",
+      "s3:x-amz-grant-full-control",
+      "s3:x-amz-grant-read",
+      "s3:x-amz-grant-read-acp",
+      "s3:x-amz-grant-write",
+      "s3:x-amz-grant-write-acp",
+      "s3:x-amz-object-ownership"
+    ],
+    "dependentActions": []
+  },
+  "CreateJob": {
+    "name": "CreateJob",
+    "description": "Grants permission to create a new Amazon S3 Batch Operations job",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:RequestJobPriority",
+      "s3:RequestJobOperation",
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": [
+      "iam:PassRole"
+    ]
+  },
+  "CreateMultiRegionAccessPoint": {
+    "name": "CreateMultiRegionAccessPoint",
+    "description": "Grants permission to create a new Multi-Region Access Point",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "CreateStorageLensGroup": {
+    "name": "CreateStorageLensGroup",
+    "description": "Grants permission to create an Amazon S3 Storage Lens group",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:RequestTag/${TagKey}",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessGrant": {
+    "name": "DeleteAccessGrant",
+    "description": "Grants permission to delete Access Grant",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrant",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessGrantsInstance": {
+    "name": "DeleteAccessGrantsInstance",
+    "description": "Grants permission to Delete Access Grants Instance",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessGrantsInstanceResourcePolicy": {
+    "name": "DeleteAccessGrantsInstanceResourcePolicy",
+    "description": "Grants permission to read Access grants instance resource policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessGrantsLocation": {
+    "name": "DeleteAccessGrantsLocation",
+    "description": "Grants permission to delete Access Grants location",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantslocation",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessPoint": {
+    "name": "DeleteAccessPoint",
+    "description": "Grants permission to delete the access point named in the URI",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointArn",
+      "s3:DataAccessPointAccount",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessPointForObjectLambda": {
+    "name": "DeleteAccessPointForObjectLambda",
+    "description": "Grants permission to delete the object lambda enabled access point named in the URI",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointArn",
+      "s3:DataAccessPointAccount",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessPointPolicy": {
+    "name": "DeleteAccessPointPolicy",
+    "description": "Grants permission to delete the policy on a specified access point",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "accesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointArn",
+      "s3:DataAccessPointAccount",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteAccessPointPolicyForObjectLambda": {
+    "name": "DeleteAccessPointPolicyForObjectLambda",
+    "description": "Grants permission to delete the policy on a specified object lambda enabled access point",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointArn",
+      "s3:DataAccessPointAccount",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteBucket": {
+    "name": "DeleteBucket",
+    "description": "Grants permission to delete the bucket named in the URI",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteBucketPolicy": {
+    "name": "DeleteBucketPolicy",
+    "description": "Grants permission to delete the policy on a specified bucket",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteBucketWebsite": {
+    "name": "DeleteBucketWebsite",
+    "description": "Grants permission to remove the website configuration for a bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteJobTagging": {
+    "name": "DeleteJobTagging",
+    "description": "Grants permission to remove tags from an existing Amazon S3 Batch Operations job",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "job",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:ExistingJobPriority",
+      "s3:ExistingJobOperation"
+    ],
+    "dependentActions": []
+  },
+  "DeleteMultiRegionAccessPoint": {
+    "name": "DeleteMultiRegionAccessPoint",
+    "description": "Grants permission to delete the Multi-Region Access Point named in the URI",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "DeleteObject": {
+    "name": "DeleteObject",
+    "description": "Grants permission to remove the null version of an object and insert a delete marker, which becomes the current version of the object",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteObjectTagging": {
+    "name": "DeleteObjectTagging",
+    "description": "Grants permission to use the tagging subresource to remove the entire tag set from the specified object",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteObjectVersion": {
+    "name": "DeleteObjectVersion",
+    "description": "Grants permission to remove a specific version of an object",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteObjectVersionTagging": {
+    "name": "DeleteObjectVersionTagging",
+    "description": "Grants permission to remove the entire tag set for a specific version of the object",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteStorageLensConfiguration": {
+    "name": "DeleteStorageLensConfiguration",
+    "description": "Grants permission to delete an existing Amazon S3 Storage Lens configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "storagelensconfiguration",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteStorageLensConfigurationTagging": {
+    "name": "DeleteStorageLensConfigurationTagging",
+    "description": "Grants permission to remove tags from an existing Amazon S3 Storage Lens configuration",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "storagelensconfiguration",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DeleteStorageLensGroup": {
+    "name": "DeleteStorageLensGroup",
+    "description": "Grants permission to delete an existing S3 Storage Lens group",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "storagelensgroup",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DescribeJob": {
+    "name": "DescribeJob",
+    "description": "Grants permission to retrieve the configuration parameters and status for a batch operations job",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "job",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "DescribeMultiRegionAccessPointOperation": {
+    "name": "DescribeMultiRegionAccessPointOperation",
+    "description": "Grants permission to retrieve the configurations for a Multi-Region Access Point",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspointrequestarn",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "DissociateAccessGrantsIdentityCenter": {
+    "name": "DissociateAccessGrantsIdentityCenter",
+    "description": "Grants permission to disassociate Access Grants identity center",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "GetAccelerateConfiguration": {
+    "name": "GetAccelerateConfiguration",
+    "description": "Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessGrant": {
+    "name": "GetAccessGrant",
+    "description": "Grants permission to read Access Grant",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accessgrant",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessGrantsInstance": {
+    "name": "GetAccessGrantsInstance",
+    "description": "Grants permission to Read Access Grants Instance",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessGrantsInstanceForPrefix": {
+    "name": "GetAccessGrantsInstanceForPrefix",
+    "description": "Grants permission to Read Access Grants Instance by prefix",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessGrantsInstanceResourcePolicy": {
+    "name": "GetAccessGrantsInstanceResourcePolicy",
+    "description": "Grants permission to read Access grants instance resource policy",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessGrantsLocation": {
+    "name": "GetAccessGrantsLocation",
+    "description": "Grants permission to read Access Grants location",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accessgrantslocation",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessPoint": {
+    "name": "GetAccessPoint",
+    "description": "Grants permission to return configuration information about the specified access point",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessPointConfigurationForObjectLambda": {
+    "name": "GetAccessPointConfigurationForObjectLambda",
+    "description": "Grants permission to retrieve the configuration of the object lambda enabled access point",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointArn",
+      "s3:DataAccessPointAccount",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessPointForObjectLambda": {
+    "name": "GetAccessPointForObjectLambda",
+    "description": "Grants permission to create an object lambda enabled accesspoint",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessPointPolicy": {
+    "name": "GetAccessPointPolicy",
+    "description": "Grants permission to returns the access point policy associated with the specified access point",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessPointPolicyForObjectLambda": {
+    "name": "GetAccessPointPolicyForObjectLambda",
+    "description": "Grants permission to returns the access point policy associated with the specified object lambda enabled access point",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessPointPolicyStatus": {
+    "name": "GetAccessPointPolicyStatus",
+    "description": "Grants permission to return the policy status for a specific access point policy",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccessPointPolicyStatusForObjectLambda": {
+    "name": "GetAccessPointPolicyStatusForObjectLambda",
+    "description": "Grants permission to return the policy status for a specific object lambda access point policy",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAccountPublicAccessBlock": {
+    "name": "GetAccountPublicAccessBlock",
+    "description": "Grants permission to retrieve the PublicAccessBlock configuration for an AWS account",
+    "accessLevel": "Read",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetAnalyticsConfiguration": {
+    "name": "GetAnalyticsConfiguration",
+    "description": "Grants permission to get an analytics configuration from an Amazon S3 bucket, identified by the analytics configuration ID",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketAcl": {
+    "name": "GetBucketAcl",
+    "description": "Grants permission to use the acl subresource to return the access control list (ACL) of an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketCORS": {
+    "name": "GetBucketCORS",
+    "description": "Grants permission to return the CORS configuration information set for an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketLocation": {
+    "name": "GetBucketLocation",
+    "description": "Grants permission to return the Region that an Amazon S3 bucket resides in",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketLogging": {
+    "name": "GetBucketLogging",
+    "description": "Grants permission to return the logging status of an Amazon S3 bucket and the permissions users have to view or modify that status",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketNotification": {
+    "name": "GetBucketNotification",
+    "description": "Grants permission to get the notification configuration of an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketObjectLockConfiguration": {
+    "name": "GetBucketObjectLockConfiguration",
+    "description": "Grants permission to get the Object Lock configuration of an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:signatureversion"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketOwnershipControls": {
+    "name": "GetBucketOwnershipControls",
+    "description": "Grants permission to retrieve ownership controls on a bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketPolicy": {
+    "name": "GetBucketPolicy",
+    "description": "Grants permission to return the policy of the specified bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketPolicyStatus": {
+    "name": "GetBucketPolicyStatus",
+    "description": "Grants permission to retrieve the policy status for a specific Amazon S3 bucket, which indicates whether the bucket is public",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketPublicAccessBlock": {
+    "name": "GetBucketPublicAccessBlock",
+    "description": "Grants permission to retrieve the PublicAccessBlock configuration for an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketRequestPayment": {
+    "name": "GetBucketRequestPayment",
+    "description": "Grants permission to return the request payment configuration for an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketTagging": {
+    "name": "GetBucketTagging",
+    "description": "Grants permission to return the tag set associated with an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketVersioning": {
+    "name": "GetBucketVersioning",
+    "description": "Grants permission to return the versioning state of an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetBucketWebsite": {
+    "name": "GetBucketWebsite",
+    "description": "Grants permission to return the website configuration for an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetDataAccess": {
+    "name": "GetDataAccess",
+    "description": "Grants permission to get Access",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "GetEncryptionConfiguration": {
+    "name": "GetEncryptionConfiguration",
+    "description": "Grants permission to return the default encryption configuration an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetIntelligentTieringConfiguration": {
+    "name": "GetIntelligentTieringConfiguration",
+    "description": "Grants permission to get an or list all Amazon S3 Intelligent Tiering configuration in a S3 Bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetInventoryConfiguration": {
+    "name": "GetInventoryConfiguration",
+    "description": "Grants permission to return an inventory configuration from an Amazon S3 bucket, identified by the inventory configuration ID",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetJobTagging": {
+    "name": "GetJobTagging",
+    "description": "Grants permission to return the tag set of an existing Amazon S3 Batch Operations job",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "job",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetLifecycleConfiguration": {
+    "name": "GetLifecycleConfiguration",
+    "description": "Grants permission to return the lifecycle configuration information set on an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetMetricsConfiguration": {
+    "name": "GetMetricsConfiguration",
+    "description": "Grants permission to get a metrics configuration from an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetMultiRegionAccessPoint": {
+    "name": "GetMultiRegionAccessPoint",
+    "description": "Grants permission to return configuration information about the specified Multi-Region Access Point",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "GetMultiRegionAccessPointPolicy": {
+    "name": "GetMultiRegionAccessPointPolicy",
+    "description": "Grants permission to returns the access point policy associated with the specified Multi-Region Access Point",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "GetMultiRegionAccessPointPolicyStatus": {
+    "name": "GetMultiRegionAccessPointPolicyStatus",
+    "description": "Grants permission to return the policy status for a specific Multi-Region Access Point policy",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "GetMultiRegionAccessPointRoutes": {
+    "name": "GetMultiRegionAccessPointRoutes",
+    "description": "Grants permission to return the route configuration for a Multi-Region Access Point",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "GetObject": {
+    "name": "GetObject",
+    "description": "Grants permission to retrieve objects from Amazon S3",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectAcl": {
+    "name": "GetObjectAcl",
+    "description": "Grants permission to return the access control list (ACL) of an object",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectAttributes": {
+    "name": "GetObjectAttributes",
+    "description": "Grants permission to retrieve attributes related to a specific object",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectLegalHold": {
+    "name": "GetObjectLegalHold",
+    "description": "Grants permission to get an object's current Legal Hold status",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectRetention": {
+    "name": "GetObjectRetention",
+    "description": "Grants permission to retrieve the retention settings for an object",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectTagging": {
+    "name": "GetObjectTagging",
+    "description": "Grants permission to return the tag set of an object",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectTorrent": {
+    "name": "GetObjectTorrent",
+    "description": "Grants permission to return torrent files from an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectVersion": {
+    "name": "GetObjectVersion",
+    "description": "Grants permission to retrieve a specific version of an object",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectVersionAcl": {
+    "name": "GetObjectVersionAcl",
+    "description": "Grants permission to return the access control list (ACL) of a specific object version",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectVersionAttributes": {
+    "name": "GetObjectVersionAttributes",
+    "description": "Grants permission to retrieve attributes related to a specific version of an object",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectVersionForReplication": {
+    "name": "GetObjectVersionForReplication",
+    "description": "Grants permission to replicate both unencrypted objects and objects encrypted with SSE-S3 or SSE-KMS",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectVersionTagging": {
+    "name": "GetObjectVersionTagging",
+    "description": "Grants permission to return the tag set for a specific version of the object",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetObjectVersionTorrent": {
+    "name": "GetObjectVersionTorrent",
+    "description": "Grants permission to get Torrent files about a different version using the versionId subresource",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetReplicationConfiguration": {
+    "name": "GetReplicationConfiguration",
+    "description": "Grants permission to get the replication configuration information set on an Amazon S3 bucket",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetStorageLensConfiguration": {
+    "name": "GetStorageLensConfiguration",
+    "description": "Grants permission to get an Amazon S3 Storage Lens configuration",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "storagelensconfiguration",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetStorageLensConfigurationTagging": {
+    "name": "GetStorageLensConfigurationTagging",
+    "description": "Grants permission to get the tag set of an existing Amazon S3 Storage Lens configuration",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "storagelensconfiguration",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetStorageLensDashboard": {
+    "name": "GetStorageLensDashboard",
+    "description": "Grants permission to get an Amazon S3 Storage Lens dashboard",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "storagelensconfiguration",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "GetStorageLensGroup": {
+    "name": "GetStorageLensGroup",
+    "description": "Grants permission to get an Amazon S3 Storage Lens group",
+    "accessLevel": "Read",
+    "resourceTypes": [
+      {
+        "name": "storagelensgroup",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "InitiateReplication": {
+    "name": "InitiateReplication",
+    "isPermissionOnly": true,
+    "description": "Grants permission to initiate the replication process by setting replication status of an object to pending",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:ResourceAccount"
+    ],
+    "dependentActions": []
+  },
+  "ListAccessGrants": {
+    "name": "ListAccessGrants",
+    "description": "Grants permission to list Access Grant",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "ListAccessGrantsInstances": {
+    "name": "ListAccessGrantsInstances",
+    "description": "Grants permission to List Access Grants Instances",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListAccessGrantsLocations": {
+    "name": "ListAccessGrantsLocations",
+    "description": "Grants permission to list Access Grants locations",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "ListAccessPoints": {
+    "name": "ListAccessPoints",
+    "description": "Grants permission to list access points",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListAccessPointsForObjectLambda": {
+    "name": "ListAccessPointsForObjectLambda",
+    "description": "Grants permission to list object lambda enabled accesspoints",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListAllMyBuckets": {
+    "name": "ListAllMyBuckets",
+    "description": "Grants permission to list all buckets owned by the authenticated sender of the request",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListBucket": {
+    "name": "ListBucket",
+    "description": "Grants permission to list some or all of the objects in an Amazon S3 bucket (up to 1000)",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:delimiter",
+      "s3:max-keys",
+      "s3:prefix",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListBucketMultipartUploads": {
+    "name": "ListBucketMultipartUploads",
+    "description": "Grants permission to list in-progress multipart uploads",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListBucketVersions": {
+    "name": "ListBucketVersions",
+    "description": "Grants permission to list metadata about all the versions of objects in an Amazon S3 bucket",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:delimiter",
+      "s3:max-keys",
+      "s3:prefix",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListJobs": {
+    "name": "ListJobs",
+    "description": "Grants permission to list current jobs and jobs that have ended recently",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListMultiRegionAccessPoints": {
+    "name": "ListMultiRegionAccessPoints",
+    "description": "Grants permission to list Multi-Region Access Points",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "ListMultipartUploadParts": {
+    "name": "ListMultipartUploadParts",
+    "description": "Grants permission to list the parts that have been uploaded for a specific multipart upload",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListStorageLensConfigurations": {
+    "name": "ListStorageLensConfigurations",
+    "description": "Grants permission to list Amazon S3 Storage Lens configurations",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListStorageLensGroups": {
+    "name": "ListStorageLensGroups",
+    "description": "Grants permission to list S3 Storage Lens groups",
+    "accessLevel": "List",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ListTagsForResource": {
+    "name": "ListTagsForResource",
+    "description": "Grants permission to list the tags attached to the specified resource",
+    "accessLevel": "List",
+    "resourceTypes": [
+      {
+        "name": "accessgrant",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "accessgrantsinstance",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "accessgrantslocation",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "storagelensgroup",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ObjectOwnerOverrideToBucketOwner": {
+    "name": "ObjectOwnerOverrideToBucketOwner",
+    "description": "Grants permission to change replica ownership",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PauseReplication": {
+    "name": "PauseReplication",
+    "isPermissionOnly": true,
+    "description": "Grants permission to pause S3 Replication from target source buckets to destination buckets",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": [
+          "S3:GetReplicationConfiguration",
+          "S3:PutReplicationConfiguration"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "s3:destinationRegion",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutAccelerateConfiguration": {
+    "name": "PutAccelerateConfiguration",
+    "description": "Grants permission to use the accelerate subresource to set the Transfer Acceleration state of an existing S3 bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutAccessGrantsInstanceResourcePolicy": {
+    "name": "PutAccessGrantsInstanceResourcePolicy",
+    "description": "Grants permission to put Access grants instance resource policy",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantsinstance",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "PutAccessPointConfigurationForObjectLambda": {
+    "name": "PutAccessPointConfigurationForObjectLambda",
+    "description": "Grants permission to set the configuration of the object lambda enabled access point",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointArn",
+      "s3:DataAccessPointAccount",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutAccessPointPolicy": {
+    "name": "PutAccessPointPolicy",
+    "description": "Grants permission to associate an access policy with a specified access point",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "accesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutAccessPointPolicyForObjectLambda": {
+    "name": "PutAccessPointPolicyForObjectLambda",
+    "description": "Grants permission to associate an access policy with a specified object lambda enabled access point",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "objectlambdaaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutAccessPointPublicAccessBlock": {
+    "name": "PutAccessPointPublicAccessBlock",
+    "description": "Grants permission to associate public access block configurations with a specified access point, while creating a access point",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [],
+    "conditionKeys": [],
+    "dependentActions": []
+  },
+  "PutAccountPublicAccessBlock": {
+    "name": "PutAccountPublicAccessBlock",
+    "description": "Grants permission to create or modify the PublicAccessBlock configuration for an AWS account",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutAnalyticsConfiguration": {
+    "name": "PutAnalyticsConfiguration",
+    "description": "Grants permission to set an analytics configuration for the bucket, specified by the analytics configuration ID",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketAcl": {
+    "name": "PutBucketAcl",
+    "description": "Grants permission to set the permissions on an existing bucket using access control lists (ACLs)",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-acl",
+      "s3:x-amz-content-sha256",
+      "s3:x-amz-grant-full-control",
+      "s3:x-amz-grant-read",
+      "s3:x-amz-grant-read-acp",
+      "s3:x-amz-grant-write",
+      "s3:x-amz-grant-write-acp"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketCORS": {
+    "name": "PutBucketCORS",
+    "description": "Grants permission to set the CORS configuration for an Amazon S3 bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketLogging": {
+    "name": "PutBucketLogging",
+    "description": "Grants permission to set the logging parameters for an Amazon S3 bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketNotification": {
+    "name": "PutBucketNotification",
+    "description": "Grants permission to receive notifications when certain events happen in an Amazon S3 bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketObjectLockConfiguration": {
+    "name": "PutBucketObjectLockConfiguration",
+    "description": "Grants permission to put Object Lock configuration on a specific bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:TlsVersion",
+      "s3:signatureversion"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketOwnershipControls": {
+    "name": "PutBucketOwnershipControls",
+    "description": "Grants permission to add, replace or delete ownership controls on a bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketPolicy": {
+    "name": "PutBucketPolicy",
+    "description": "Grants permission to add or replace a bucket policy on a bucket",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketPublicAccessBlock": {
+    "name": "PutBucketPublicAccessBlock",
+    "description": "Grants permission to create or modify the PublicAccessBlock configuration for a specific Amazon S3 bucket",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketRequestPayment": {
+    "name": "PutBucketRequestPayment",
+    "description": "Grants permission to set the request payment configuration of a bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketTagging": {
+    "name": "PutBucketTagging",
+    "description": "Grants permission to add a set of tags to an existing Amazon S3 bucket",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketVersioning": {
+    "name": "PutBucketVersioning",
+    "description": "Grants permission to set the versioning state of an existing Amazon S3 bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutBucketWebsite": {
+    "name": "PutBucketWebsite",
+    "description": "Grants permission to set the configuration of the website that is specified in the website subresource",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutEncryptionConfiguration": {
+    "name": "PutEncryptionConfiguration",
+    "description": "Grants permission to set the encryption configuration for an Amazon S3 bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutIntelligentTieringConfiguration": {
+    "name": "PutIntelligentTieringConfiguration",
+    "description": "Grants permission to create new or update or delete an existing Amazon S3 Intelligent Tiering configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutInventoryConfiguration": {
+    "name": "PutInventoryConfiguration",
+    "description": "Grants permission to add an inventory configuration to the bucket, identified by the inventory ID",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:InventoryAccessibleOptionalFields"
+    ],
+    "dependentActions": []
+  },
+  "PutJobTagging": {
+    "name": "PutJobTagging",
+    "description": "Grants permission to replace tags on an existing Amazon S3 Batch Operations job",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "job",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:ExistingJobPriority",
+      "s3:ExistingJobOperation",
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "PutLifecycleConfiguration": {
+    "name": "PutLifecycleConfiguration",
+    "description": "Grants permission to create a new lifecycle configuration for the bucket or replace an existing lifecycle configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutMetricsConfiguration": {
+    "name": "PutMetricsConfiguration",
+    "description": "Grants permission to set or update a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutMultiRegionAccessPointPolicy": {
+    "name": "PutMultiRegionAccessPointPolicy",
+    "description": "Grants permission to associate an access policy with a specified Multi-Region Access Point",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "PutObject": {
+    "name": "PutObject",
+    "description": "Grants permission to add an object to a bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:RequestObjectTag/<key>",
+      "s3:RequestObjectTagKeys",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-acl",
+      "s3:x-amz-content-sha256",
+      "s3:x-amz-copy-source",
+      "s3:x-amz-grant-full-control",
+      "s3:x-amz-grant-read",
+      "s3:x-amz-grant-read-acp",
+      "s3:x-amz-grant-write",
+      "s3:x-amz-grant-write-acp",
+      "s3:x-amz-metadata-directive",
+      "s3:x-amz-server-side-encryption",
+      "s3:x-amz-server-side-encryption-aws-kms-key-id",
+      "s3:x-amz-server-side-encryption-customer-algorithm",
+      "s3:x-amz-storage-class",
+      "s3:x-amz-website-redirect-location",
+      "s3:object-lock-mode",
+      "s3:object-lock-retain-until-date",
+      "s3:object-lock-remaining-retention-days",
+      "s3:object-lock-legal-hold"
+    ],
+    "dependentActions": []
+  },
+  "PutObjectAcl": {
+    "name": "PutObjectAcl",
+    "description": "Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-acl",
+      "s3:x-amz-content-sha256",
+      "s3:x-amz-grant-full-control",
+      "s3:x-amz-grant-read",
+      "s3:x-amz-grant-read-acp",
+      "s3:x-amz-grant-write",
+      "s3:x-amz-grant-write-acp",
+      "s3:x-amz-storage-class"
+    ],
+    "dependentActions": []
+  },
+  "PutObjectLegalHold": {
+    "name": "PutObjectLegalHold",
+    "description": "Grants permission to apply a Legal Hold configuration to the specified object",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:object-lock-legal-hold"
+    ],
+    "dependentActions": []
+  },
+  "PutObjectRetention": {
+    "name": "PutObjectRetention",
+    "description": "Grants permission to place an Object Retention configuration on an object",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:object-lock-mode",
+      "s3:object-lock-retain-until-date",
+      "s3:object-lock-remaining-retention-days"
+    ],
+    "dependentActions": []
+  },
+  "PutObjectTagging": {
+    "name": "PutObjectTagging",
+    "description": "Grants permission to set the supplied tag-set to an object that already exists in a bucket",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:RequestObjectTag/<key>",
+      "s3:RequestObjectTagKeys",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutObjectVersionAcl": {
+    "name": "PutObjectVersionAcl",
+    "description": "Grants permission to use the acl subresource to set the access control list (ACL) permissions for an object that already exists in a bucket",
+    "accessLevel": "Permissions management",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:AccessGrantsInstanceArn",
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-acl",
+      "s3:x-amz-content-sha256",
+      "s3:x-amz-grant-full-control",
+      "s3:x-amz-grant-read",
+      "s3:x-amz-grant-read-acp",
+      "s3:x-amz-grant-write",
+      "s3:x-amz-grant-write-acp",
+      "s3:x-amz-storage-class"
+    ],
+    "dependentActions": []
+  },
+  "PutObjectVersionTagging": {
+    "name": "PutObjectVersionTagging",
+    "description": "Grants permission to set the supplied tag-set for a specific version of an object",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:ExistingObjectTag/<key>",
+      "s3:RequestObjectTag/<key>",
+      "s3:RequestObjectTagKeys",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:versionid",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "PutReplicationConfiguration": {
+    "name": "PutReplicationConfiguration",
+    "description": "Grants permission to create a new replication configuration or replace an existing one",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "bucket",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": [
+          "iam:PassRole"
+        ]
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:isReplicationPauseRequest"
+    ],
+    "dependentActions": []
+  },
+  "PutStorageLensConfiguration": {
+    "name": "PutStorageLensConfiguration",
+    "description": "Grants permission to create or update an Amazon S3 Storage Lens configuration",
+    "accessLevel": "Write",
+    "resourceTypes": [],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "PutStorageLensConfigurationTagging": {
+    "name": "PutStorageLensConfigurationTagging",
+    "description": "Grants permission to put or replace tags on an existing Amazon S3 Storage Lens configuration",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "storagelensconfiguration",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "ReplicateDelete": {
+    "name": "ReplicateDelete",
+    "description": "Grants permission to replicate delete markers to the destination bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "ReplicateObject": {
+    "name": "ReplicateObject",
+    "description": "Grants permission to replicate objects and object tags to the destination bucket",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:x-amz-server-side-encryption",
+      "s3:x-amz-server-side-encryption-aws-kms-key-id",
+      "s3:x-amz-server-side-encryption-customer-algorithm"
+    ],
+    "dependentActions": []
+  },
+  "ReplicateTags": {
+    "name": "ReplicateTags",
+    "description": "Grants permission to replicate object tags to the destination bucket",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "RestoreObject": {
+    "name": "RestoreObject",
+    "description": "Grants permission to restore an archived copy of an object back into Amazon S3",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "object",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  },
+  "SubmitMultiRegionAccessPointRoutes": {
+    "name": "SubmitMultiRegionAccessPointRoutes",
+    "description": "Grants permission to submit a route configuration update for a Multi-Region Access Point",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "multiregionaccesspoint",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:DataAccessPointAccount",
+      "s3:DataAccessPointArn",
+      "s3:AccessPointNetworkOrigin",
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureversion",
+      "s3:signatureAge",
+      "s3:TlsVersion"
+    ],
+    "dependentActions": []
+  },
+  "TagResource": {
+    "name": "TagResource",
+    "description": "Grants permission to add tags to the specified resource",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "accessgrant",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "accessgrantsinstance",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "accessgrantslocation",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "storagelensgroup",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:TagKeys",
+      "aws:RequestTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "UntagResource": {
+    "name": "UntagResource",
+    "description": "Grants permission to remove tags from the specified resource",
+    "accessLevel": "Tagging",
+    "resourceTypes": [
+      {
+        "name": "accessgrant",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "accessgrantsinstance",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "accessgrantslocation",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      },
+      {
+        "name": "storagelensgroup",
+        "required": false,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:TagKeys"
+    ],
+    "dependentActions": []
+  },
+  "UpdateAccessGrantsLocation": {
+    "name": "UpdateAccessGrantsLocation",
+    "description": "Grants permission to update Access Grants location",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "accessgrantslocation",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "aws:ResourceTag/${TagKey}"
+    ],
+    "dependentActions": []
+  },
+  "UpdateJobPriority": {
+    "name": "UpdateJobPriority",
+    "description": "Grants permission to update the priority of an existing job",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "job",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:RequestJobPriority",
+      "s3:ExistingJobPriority",
+      "s3:ExistingJobOperation"
+    ],
+    "dependentActions": []
+  },
+  "UpdateJobStatus": {
+    "name": "UpdateJobStatus",
+    "description": "Grants permission to update the status for the specified job",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "job",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256",
+      "s3:ExistingJobPriority",
+      "s3:ExistingJobOperation",
+      "s3:JobSuspendedCause"
+    ],
+    "dependentActions": []
+  },
+  "UpdateStorageLensGroup": {
+    "name": "UpdateStorageLensGroup",
+    "description": "Grants permission to update an existing S3 Storage Lens group",
+    "accessLevel": "Write",
+    "resourceTypes": [
+      {
+        "name": "storagelensgroup",
+        "required": true,
+        "conditionKeys": [],
+        "dependentActions": []
+      }
+    ],
+    "conditionKeys": [
+      "s3:authType",
+      "s3:ResourceAccount",
+      "s3:signatureAge",
+      "s3:signatureversion",
+      "s3:TlsVersion",
+      "s3:x-amz-content-sha256"
+    ],
+    "dependentActions": []
+  }
+}